- Number of slides: 140
Internet2 Overview: Engagement, Network and Services. Fall 2007 Member Meeting, October 8, 2007
Agenda • Internet2 Overview - Marianne Smith • Internet2 Network Services - Heather Martinson • Middleware and Security - Renee Frost • Discipline Communities - Ann Doyle • Cyberinfrastructure Initiatives - Russ Hobby
Internet2 Mission and Goals. Internet2 Mission • Develop and deploy advanced network applications and technologies, accelerating the creation of tomorrow’s Internet. Internet2 Goals • Enable new generation of applications • Re-create leading edge R&E network capability • Transfer technology and experience to the global production Internet
What We Do…… • We provide our members with an “Advanced Networking Environment” to use for research and education • Internet2 network backbone • Circuit Networks • Network research • HOPI • IPv6, Multicast • End-to-End Performance Initiative • Applications and Services – e.g. Commons and InCommon • Middleware • Security
What We Do……… • We provide our members with an environment for partnerships and collaborations in advanced networking: • Among themselves and with faculty and research peers • With other partners: International, Federal agencies, K20 School networks, the Quilt • Applications Collaborations: high energy physicists, arts & humanities, health science, teaching and learning
Internet2 Membership: A Wealth of Diversity
Internet2 Partnerships: Internet2 fosters the partnerships and collaboration that spurred the development of the Internet. • Academia • Industry • Government • International
Internet2 Membership • Affiliate - 46 Members • Non-profit research or education organizations • Corporate - 60 Members • For-profit companies • Research and Education Network - 30 Members • Network infrastructure providers to R&E community • University – 209 Members • United States institutions of higher education http://members.internet2.edu/
Internet2 Universities: 209 University Members http://members.internet2.edu/university/universities.cfm
Internet2 Corporate Members • Focused on Realizing the Potential that advanced Networking, Middleware and Applications hold for Research and Education and Opportunity to Shape the Future of the Global Internet • Broad Range of Industries: - Technology Providers - Content Providers - Technology Consumers http://members.internet2.edu/corporate/
Internet2 Corporate Partners
Internet2 Corporate Sponsors • Arbor Networks • Campus Televideo • Codian, Inc. • Foundry Networks • IOCOM • Polycom Worldwide • RADVISION • TANDBERG • VBrick Systems
Internet2 Corporate Members • ADVA Optical Networking • Alcatel-Lucent Technologies • Apparent Networks • Arbinet-thexchange, Inc. • Arootz • Caterpillar, Inc. • Cdigix • Cedar Point Communications • Comcast Cable Communications, Inc. • C-SPAN • CommuniGate Systems • EBSCO Information Services • Education Networks of America, Inc. • EKINOPS • Fujitsu Laboratories of America • Global Crossing • Google • HaiVision Systems, Inc. • IntelePeer, Inc. • Johnson & Johnson • KDDI Corporation • LifeSize Communications • Media Links, Inc. • Napster, LLC • Nippon Telephone and Telegraph (NTT) • Northrop Grumman Information Technology • OCLC Online Computer Library Center • OpVista, Inc. • RIAA • Red Hat, Inc. • Ruckus Network, Inc. • Schlumberger • Soapstone • Steelcase, Inc. • The Thomson Corporation • Verizon Business • Video Furnace, Inc. • Vidyo • Warner Bros.
Internet2 Affiliate Members • Federal labs • Federal agencies • Fine arts institutions • Health care institutions • Performing arts organizations http://members.internet2.edu/affiliates.cfm
Internet2 Affiliate Members • Acuta • Altarum • American Distance Education Consortium • Association of Universities for Research in Astronomy (AURA) • CERN • Charles R. Drew University • Children’s Hospital of Philadelphia • Cleveland Institute of Music • Cleveland Museum of Art • Coalition for Networked Information (CNI) • Department of Veteran Affairs • Desert Research Institute • EDUCAUSE • ESnet • Healthcare Information and Management Systems Society (HIMSS) • Howard Hughes Medical Institute • Indiana Higher Education Telecommunications System (IHETS) • Inter-American Development Bank • Internet Educational Equal Access Foundation • Jet Propulsion Laboratory • Lawrence Berkeley National Laboratory • The Library of Congress • Los Alamos National Laboratory • Manhattan School of Music
Internet2 Affiliate Members Cont’d • NASA Goddard Space Flight Center • NASA Marshall Space Flight Center • National Archives and Records Administration • National Institute of Standards and Technology (NIST) • National Institutes of Health • NOAA – Washington, D.C. • National Science Foundation • New World Symphony • Oak Ridge National Laboratory • OSTN (Open Student Television Network) • Pacific Northwest National Laboratory • PeachNet • Ruth Lilly Health Education Center • SURA • TOPIX • U.S. Census Bureau • United Nations System of Organizations • United States Antarctic Program • United States Dept. of Commerce Boulder Labs • United States Holocaust Memorial Museum • University Corporation for Atmospheric Research • University of North Carolina General Administration • University of Texas Medical Branch • The World Bank
Research and Education Network Members: US-based non-profit organization that has a principal mission to provide network infrastructure and services primarily to the research and education community
Internet2 R&E Network Members • 3ROX • CENIC • CEN • CIC OmniPoP • CPE • FLR • GPN • Indiana • KanREN • LEARN • LONI • MAGPI • MAX • MCNC • Merit Network • MOREnet • MREN • NJEDge.Net • Northern Lights • NOX • NYSERNet • Oregon GigaPoP • OSCnet • OneNet • OSHEAN • OneNet • PNWG • PeachNet • SOX • UEN • WiscNet
K20 Initiative
K20 Initiative: Brings together Internet2 member institutions and innovators from primary and secondary schools, colleges and universities, libraries, and museums to extend new technologies, applications, middleware, and content to all educational sectors http://k20.internet2.edu/
Lewis and Clark: Then and Now http://ali.apple.com/lewisandclark/
JASON http://www.jason.org/
Digital Learning Commons http://www.learningcommons.org/
NEPTUNE http://www.neptune.washington.edu/
An Asset for the Community: Universities • Researchers • Regional Networks • K-12 • Industry • International
Internet2 Member Community
Strengthening Community: Member Engagement Opportunities • Join working groups, special interest groups and advisory groups • http://www.internet2.edu/working-groups.html#Advisory • Find collaborators for discipline and institutional projects and grants • Foster applications development and faculty outreach • Be an early adopter of new technologies and tools
Strengthening Community: Member Engagement Opportunities • Advisory Councils • Projects and Initiatives • Working Groups • Collaborative grant efforts • Member Meetings • SIGs and BoFs • Presentations • Program Committee
Strengthening Community: Supporting member engagement • Middleware Architecture Committee for Education (MACE) • Salsa: Security Advisory Group • K20 Initiative Advisory Committee • Health Sciences Advisory Group • Arts & Humanities Advisory Groups • Working Groups • Special Interest Groups
Strengthening Community: Supporting member activities and events • Provide event planning expertise and resources • Provide speakers • Provide equipment • Provide PR and communications for member events • Spotlight member organizations and individuals • Provide printed materials and signage
Additional Workshops • Arts & Humanities Performance Workshop • Dynamic Circuit Services • High-Energy Nuclear Physicists (Large Hadron Collider) • IPv6 • Multicast • Network Performance • Real Time Collaboration Tools (Internet2 Commons)
Strengthening Community: Member Accomplishments • Advanced applications development, broad and deep • Development and deployment of middleware capabilities, locally and nationally • Creation and support of national high-performance networks, including next generation optical networks • Strong partnerships with international networking organizations • Focused efforts on end-to-end performance, and network and host security
Strengthening Community: Internet2 Governance • Creation of four new Councils that are heterogeneous, defined by operational function and more tightly connected to the membership: • Architecture and Operations Advisory Council (AOAC) • Applications, Middleware, and Services Advisory Council (AMSAC) • Research Advisory Council (RAC) • External Relations Advisory Council (ERAC)
Strengthening Community: Internet2 Governance • Each Council has three seats from each of these constituency groups: • CIO Representatives • Regional Network Representative • Researcher Representative • Industry Representative http://www.internet2.edu/about/governance/
Internet2 Network Overview. Heather Martinson, Sr. Program Manager. 2007 Fall Member Meeting, San Diego, California
Internet2 Network Outline • Network Community • Network Overview • Services
Internet2 Network Affiliations • Connector – maintains direct connection to Internet2 Network; provides connections and network services to Internet2 members • Participant – a Member of Internet2 that has entered into an Internet2 Network Participation Agreement • Sponsored Participant – an individual non-Internet2 member educational institution that is sponsored by one or more Internet2 University Members • Includes K20 schools, museums, libraries, hospitals, zoos; can be not-for-profit or for-profit within these categories • Sponsored Education Group Participant (SEGP) – an aggregate of one or more networks serving educational and education-related organizations and state/local government institutions within the same state
Internet2 Network: Internet2 Communities (counts given as 04/07 / 10/07). Member Community • University Members: 209 / 209 • Corporate Partners: 12 / 12 • Corporate Sponsors: 11 / 9 • Corporate Members: 34 / 35 • Affiliate Members: 46 / 46 • Regional Network Members: 19 / 30 • International MoU Partners (reaching 80+ networks): 54 / 56. Network Community • Connectors: 32 / 22 • Participants: 246 / 245 • Sponsored Participants: 153 / 155 • Sponsored Education Group Participants: 38 / 38
Internet2 Network Community • New Participants: Thomson Corporation • NIST • Northrop Grumman • Dept. of Veterans Affairs (pending) • Philadelphia Orchestra (pending) • New Sponsored Participants: Speed Art Museum • Louisville Medical Center Network (LMCnet) • College of Charleston • Fernbank Science Center
Internet2 Network: SEGP – 38 States
Internet2 Network International Connectivity http://international.internet2.edu/
Internet2 Network International Connectivity (Last updated: April 2005)
Europe-Middle East: Austria (ACOnet) • Belgium (BELNET) • Croatia (CARNet) • Czech Rep. (CESNET) • Cyprus (CYNET) • Denmark (Forskningsnettet) • Estonia (EENet) • Finland (Funet) • France (Renater) • Germany (G-WIN) • Greece (GRNET) • Hungary (HUNGARNET) • Iceland (RHnet) • Ireland (HEAnet) • Israel (IUCC) • Italy (GARR) • Latvia (LATNET) • Lithuania (LITNET) • Luxembourg (RESTENA) • Malta (Univ. Malta) • Netherlands (SURFnet) • Norway (UNINETT) • Poland (POL34) • Portugal (RCTS2) • Qatar (Qatar FN) • Romania (RoEduNet) • Russia (RBnet) • Slovakia (SANET) • Slovenia (ARNES) • Spain (RedIRIS) • Sweden (SUNET) • Switzerland (SWITCH) • United Kingdom (JANET) • Turkey (ULAKBYM) • *CERN
Asia-Pacific: Australia (AARNET) • China (CERNET, CSTNET, NSFCNET) • Hong Kong (HARNET) • Japan (SINET, WIDE, JGN2) • Korea (KOREN, KREONET2) • Singapore (SingAREN) • Philippines (PREGINET) • Taiwan (TANet2, ASNet) • Thailand (UNINET, ThaiSARN)
Africa: Algeria (CERIST) • Egypt (EUN/ENSTIN) • Morocco (CNRST) • Tunisia (RFR) • South Africa (TENET)
Americas: Argentina (RETINA) • Brazil (RNP2/ANSP) • Canada (CA*net) • Chile (REUNA) • Mexico (Red-CUDI) • United States (Abilene) • Peru (RAAP) • Venezuela (REACCIUN-2)
Central Asia: Armenia (ARENA) • Georgia (GRENA) • Kazakhstan (KAZRENA) • Tajikistan (TARENA) • Uzbekistan (UZSCI)
Internet2 Network International Connectivity: PacWave: TANet2/TWAREN, AARnet, KOREN/KREONet2, CA*Net4, GEMNET, REANNZ, TransPac2 T640 NGIX-Ames: AARnet GLORIAD, France Telecom (v6), TANet2/TWAREN, HARNET, CERN StarLight: KOREN/KREONet2, CA*Net4, ASNet, CERN, JGN2, SINET MAN LAN: TANet2/TWAREN, TENET, MCIT/ENERGI, QatarFN, CA*Net4, SURFNet, CERN, GEANT (2), SINET, NetherLight/IEEAF T640 PacWave: UNINET, SINET, QatarFN, APAN/TransPac2 TANet2/TWAREN, SingAREN T640 GEANT NGIX-East: CLARA AtlWave: FIU T640 AMPATH: RNP2, ANSP, REACCIUN-2 redCLARA, CUDI via CALREN/PacWave T640 CUDI via UTEP / UT
Internet2 Network Federal Peering: PacWave: DREN, NREN, ESnet T640 New York: ESnet StarLight: TeraGrid, NREN, DREN, NISN, USGS, ESNet NGIX-Ames: NREN, DREN, NISN, USGS T640 DC: DRAGON NGIX-East: DREN, NISN, NREN, USGS, ESNet T640
Internet2 Network Outline • Network Community • Network Overview • Services
Internet2 Network By the Numbers • Built on dedicated fiber from Level(3) Communications – 13,000+ mile footprint • Deployed and configured over 300 Infinera Network Elements • Day 1 capacity of 100 Gbps • Built 27 custom collocation suites representing 3,365 sq ft of space including: • 91 Racks - Internet2, ESnet, third-parties • 60 Individual bulk cables with 48 & 96 fiber count • Internet2 and ESNet NOCs get same, real-time feeds as the Level(3) NOCs in Atlanta & Denver • Developed the Virtual Network Operations Center – Provisioning and Troubleshooting Dashboard
Internet2 Network
Internet2 Network Outline • Network Community • Network Overview • Services
Internet2 Network MAN LAN • Manhattan Landing in New York City • Partnership with NYSERNet, Indiana University, Internet2 & the IEEAF • High performance exchange facility for R&E networks • Located at 32 AoA in NYC - easy interconnection to many national and international carriers and other R&E networks • Peerings with Atlantic Wave international peering fabric • Peering model is open and bilateral • Cost recovery model - minimal connection charges for layer 2 facility, none for layer 1 connections
Internet2 Network Services • Best-Effort High-Speed IP Service • Research IP • Commercial Peering Service • WaveCo Point-to-Point Transport Services • Dynamic Circuit Network • Physical Connection • 1 or 10 Gigabit Ethernet • OC-192 SONET
Internet2 Network IP Network Services • Carrier class IP service (what is commonly thought of as “Internet2” or “Abilene” service) • Natively supports IPv4 and IPv6, as well as leading edge features of IP including multicast for both IPv4 and IPv6. • Carried over a dedicated 10 Gbps backbone wave on the Internet2 Network infrastructure. • 40 Gbps and 100 Gbps are potential future enhancements. • Backhaul to the nearest router is included in the IP connection fee. If a connector would like to go to a different router, they may incur additional fees. • A connector may obtain, at an additional fee, a geographically diverse connection into the network for redundancy; however, this connection is viewed as a backup and the aggregate traffic flow over the primary and redundant circuit must not exceed that of the primary circuit. • An additional IP circuit with no such restriction is also available. [Pricing available on request]
Internet2 Network Commercial Peering Service • Direct connection between Internet traffic generators or data aggregators and carriers: • Yahoo, Google, YouTube, etc. - traffic generators • PAIX, Equinix, etc. - point of data aggregation/exchange • large backbone carriers such as tier one providers • Settlement-free • neither party pays the other • voluntary • provides mutual benefit
Internet2 Network Commercial Peering Service: Join the growing list of CP Service participants
Internet2 Network Commercial Peering Service • Members leverage their existing Internet2 Network investments • included in Connector's base network connection fee at no additional cost • savings from reductions in commodity Internet traffic costs • enhanced network performance • net neutral connection
Internet2 Network Commercial Peering Service • Uses the Internet2 Network • Best in class traffic engineering, filtering, and performance monitoring • Platform based on Juniper T640 routers • Supported through the Internet2 Network Operation Center at Indiana University • World class 7 * 24 * 365 operations • Proven record – responsive for over 9 years
Internet2 Network Commercial Peering Service: Seattle • Chicago • Palo Alto • New York. Additional peering connections are being evaluated • these will continue to improve and diversify our commercial network peering structure
Internet2 Network Commercial Peering Service: If you are an Internet2 Network Connector • Contact the Internet2 NOC • the NOC will step you through the process • establish a second BGP session over a separate vLAN • tune performance • noc@net.internet2.edu, (317)-278-6622
Internet2 Network Commercial Peering Service: If you are an R&E member institution • Internet2 offers this service to all Internet2 Network Connectors, who in turn offer it to individual Internet2 R&E member institutions at their discretion • contact your Internet2 Network Connector to discuss your request • A list of Connectors is available at www.internet2.edu/renm/member.cfm • For more info go to www.internet2.edu/network/cp.html or send an e-mail to network@internet2.edu
Internet2 Network Dynamic Circuit Network • The DC (Dynamic Circuit) Network automatically provisions circuits across the network, among participants in the dynamic networking control plane and protocol • Supported by connections into the Ciena CoreDirectors • Circuits are created by a control plane in which all DCN connectors must participate. • Circuits can have any bandwidth across the Internet2 infrastructure from 50 Mbps to 10 Gbps • Circuit setup on the DCN is subject to blocking based on available capacity • Circuits are short in duration, no longer than 2 weeks • Circuits are currently not protected • Circuit connections are available to Connectors, members and peers
Internet2 Network WaveCo Static Circuit Services • Static Circuits refers to circuits that have two fixed endpoints across the Internet2 circuit infrastructure • Are currently set up manually by the Internet2 NOC • Can have any bandwidth from 50 Mbps to a full 10 Gbps wave or multiple 10G waves • Can be provisioned directly over the Infineras (waves) or through the Cienas (sub-rate circuits) • Circuits can be offered both as protected and unprotected; if protected, they may be subject to additional fees • Can be ordered for a period of weeks up to years: 30 Day billing minimum; can be reserved up to one year in advance • Have a fee for service that is based on distance, bandwidth, duration and protection scheme
For more information: http://www.internet2.edu/network/ • http://i2net.blogspot.com • network@internet2.edu • heather.martinson@internet2.edu. Thank you!
Middleware. Renee Woodten Frost, Associate Director, Middleware & Security, rwfrost@internet2.edu
Integrated Systems Model
Middleware Infrastructure • Focus: • Inter-institutional collaboration • Scalable authenticated/authorized access to remote resources • Internet2 role: • Defining/creating architecture: Shibboleth • Tools to implement: Shibboleth, Grouper, Signet • Infrastructure/Services to scale: InCommon, USHER
Internet2 Middleware: Key Concepts • Use federated administration as the lever - enterprise brokers most services (authentication, authorization, resource discovery, etc.) in inter-realm interactions • Develop a consistent directory infrastructure within R&E • Provide security while not degrading privacy • Foster inter-realm trust fabrics: federations and virtual organizations • Leverage campus expertise and build rough consensus • Influence the marketplace; develop where necessary • Support for heterogeneity and open standards
MACE (Middleware Architecture Committee for Education) • Purpose - to provide advice, create experiments, foster standards, etc.; create working groups • Membership - Bob Morgan (UW) Chair, Tom Barton (Chicago), Scott Cantor (Ohio State), Steven Carmody (Brown), Michael Gettes (Internet2), Keith Hazelton (Wisconsin), Paul Hill (MIT), Jim Jokl (Virginia), Scotty Logan (Stanford), Mark Poepping (CMU), David Wasley (retired Univ California), Von Welch (Grid) • International members - Brian Gilmore (Edinburgh), Leif Johansson (Sweden), Diego Lopez (Spain), Rodney McDuff (Australia), Ton Verschuren (Netherlands)
National Science Foundation Middleware Initiative (NMI) • NSF program to support & deploy middleware for R&E • Two types of awards • System Integrators - widely used tools & services • EDIT – Internet2, EDUCAUSE, SURA • Grids – ISI, Wisconsin, Argonne, Michigan, Indiana • Other awards - academic pure research components • Issued periodic NMI releases of software, services, architectures, object classes and best practices • Three rounds of awards – 2001, 2003, and 2007
Core Middleware Scope (aka Identity Management functions) • Identity and Identifiers – namespaces, identifier mappings, real world levels of assurance, etc. • Authentication – campus technologies and policies, inter-realm interoperability via PKI, Kerberos, etc. • Directories – enterprise directory services architectures and tools, standard object classes, inter-realm and registry services • Authorization – permissions and access controls, delegation, privacy management, etc. • Integration Activities – open management tools, use of virtual, federated and hierarchical organizations, enabling common applications with core middleware
Landmark Work • Consensus standards – eduPerson, eduOrg, eduMember, eduCourse, commObject (H.350) • Best Practices and Deployment Strategies – LDAP Recipe, Group Management, Metadirectories, Enterprise Directory and Authentication Implementation Roadmaps • Tools – KX.509, LDAP Analyzer, LOOK
Landmark Work • Software systems – OpenSAML, Shibboleth, Signet, Grouper • Outreach – CAMPs, presentations, publications, case studies, Extending the Reach program • Services – InCommon Federation, USHER (PKI)
Federated Identity Model • Leverages enterprise identity for inter-realm purposes • Uses local authentication • Allows variety of authentication options • Passes agreed upon authentication and attributes (identifiers, affiliations, memberships, entitlements) • Based on privacy, security, and trust as critical issues • More scalable
What is a Federation? A coalition of collaborating organizations • supporting agreed upon policies • leveraging existing identity and resource management technologies to permit fine-grained • privacy control for online individuals and • resource protection for a wide variety of online services and information. Offers flexible, largely scalable privacy-preserving Identity Management infrastructure
Federation Fundamentals • Members sign a contract to join • Members must still create Business Relationships with each other • Bilateral relationships can impose additional policy • The Federation does NOT • Collect or assert anything, except the necessary metadata about member signing keys, etc. • Authenticate end users • Provide services, though it may be associated with groups or buying clubs
Role of the Federation 1. Agreed upon Attribute Vocabulary & Definitions: eduPerson: Member of, Role, Unique Identifier, … 2. Criteria for IdM practices (user accounts, credentialing, etc.), personal information stewardship, interoperability standards, technologies 3. Digital Certificates 4. Trusted “notary” for all universities and partners 5. and… Metadata [Figure: sample identity cards with the fields Home Affiliation, EPPN, Given/SurName, Title, SSN, Password, each marked “Verified By the Federation”]
International Research & Education Federations • Mature in many countries, including UK, France, Germany, Switzerland, Netherlands, Norway, Sweden, Spain, Denmark, Australia, etc. • Most are Shibboleth-based; some use other federation products • Scope is usually higher ed, but some are broader (UK, Spain, Netherlands) • Use cases range from content access to collaboration support to learning management systems to wireless roaming to ...
InCommon Federation • US Research & Education Federation, an LLC • Addresses legal, LOA, shared attributes, business proposition, etc. issues • Participants are universities, service providers, government agencies • Uses range from popular & academic content access to administrative services to wiki & list control to accessing NIH applications to ... www.incommonfederation.org
Key aspects of InCommon • Federation software - Shib v1.3 (open-source, standards-based, privacy-preserving federating software - v2.0 targeted for release this fall) • Shared attributes & schema - eduPerson based • Lever of authentication • Participant Operational Practices (POP) for LOA today • Bronze and Silver will map to LOA 1 & 2 • Governance/Management • Steering Committee • Operations by Internet2
InCommon Participation Growth
64 Current InCommon Participants • Higher Education Participants (46) • Sponsored Participants (17) • Government and NonProfit Laboratories, Research Centers, and Agencies (1) • A community of more than 1.3 Million end users (source: IPEDS)
USHER: U.S. Higher Education Root (USHER) Certificate Authority • A public key infrastructure (PKI) supported by the higher education community for emerging deployments in research, education, and transactions in higher education that require PKI. http://www.usherca.org/
Public Key Infrastructure (PKI) • Key Pair: Private Key, Public Key • Certificate: Public Key bound to an identity, with usage criteria and validation mechanisms • Hierarchical chain: Rooted trust • Uses: 1. True Digital Signatures 2. Credentials (Authentication of Individuals) 3. Encryption (Privacy) 4. Authentication of Digital Objects
USHER Status • Internet2 operates the USHER Root CA • Relatively high Level of Assurance (LoA) • Issuing campus Authority Certificates since June 2007 • Subscriber Agreement posted • 9 Expected Practices: CA management and current policy/practice of campus identity management
Recent Middleware Activities • Authentication - Federation Interoperability: InCommon with federal gov’t e-auth federation; InCommon with state & national federations • Authorization – Grouper and Signet • Middleware Diagnostics – EDDY toolkit • PKI, USHER • Collaboration Tools, CO-Manage • Virtual Organization Support • Workflow Support
Collaboration Tools/Platform • Collaboration = key to academic life, especially for researchers • Overabundance of new collaboration tools • Integration of middleware/IAM tools in support of collaboration (enterprise user database, group management, and privilege management)
Collaboration Management • CO-Manage • Commonly and transparently manage which identities and attributes can use capabilities of collaboration tools • Can offer delegation, privacy management, and maybe even diagnostics • Goal – to develop “platform” for handling identity management aspects of many different collaboration tools
Security
Relationship between Middleware and Security • Middleware = well-defined infrastructure layer • Security = more like an attitude, not crisply defined, spans all layers
Integrated Systems Model
Security • Much of the middleware work, in its identity management and access control areas, is also a large part of the security space • Security for Internet2 services • Salsa as the point for member engagement • Development of new security capabilities • Short time horizon • Medium time horizon • Long time horizon
Federated Identity Management • Federated identity leverages institutional Identity Management in inter-institutional settings • By itself, federated identity can provide significant security value – enables flexible LOAs, improves privacy, etc. • As a new layer of infrastructure, it can be leveraged to provide new security services • Improved guest access usability & accountability • Privilege management for virtual organizations. CAMP Workshop: Bridging Security & Identity Mgmt, Tempe, Arizona, February 13-15, 2008
Security for Internet2 Services • Internet2 Network – network operational security practices for continuous evaluation and improvement • Securely providing trust • InCommon Federation • USHER
Salsa • Advisory on issues, priorities, directions • Charters working groups • 10-12 members representing R&E expertise, chaired by Mark Poepping, CMU • Works in collaboration with the EDUCAUSE/Internet2 Security Task Force • Facilitates member engagement
Near-term Initiatives: Computer Security Incidents (CSI2) • A development working group, chaired by Chris Misra, UMass • Working closely with REN-ISAC at Indiana U • Funded in part by Dept of Justice grant • Facilitating secure exchange of real-time security information; aimed at incident handlers • Augmenting the diminishing value of signature analyses (due to encrypted attacks) with statistical analyses
Near-term Initiatives: CSI2 Working Group (cont.) Requirements include: • Taxonomy, syntax & semantics of security events • A protocol for the exchange (IODEF) • Trusted parties for the transmission • Third party facilitation for “ripple effects” and statistical analyses, working with the REN-ISAC • Policy cover. Outcomes to date: • RENOIR reporting system for sharing information regarding security incidents within an inter-institutional trust community • Shared Darknets project - wide aperture analyses
Near-term Initiatives Disaster Planning & Recovery • Explore • contingency planning; • developing & testing recovery plans, policies, & procedures; • Warm/hot site strengths, weaknesses, potential pitfalls; • contractual & SLA models and guidance for • Develop set of best practices & services Chaired by Don Mc. Leod, Cornell 97
Near-term Initiatives • DNSSEC - advisory group on adopting DNSSEC; has begun a cross-signing project, to sign at least one of their zones and exchange trust anchors to mutually validate their DNS records. • Net. Guru - a periodic meeting of senior network and security engineers; a forum to engage in discussion of timely topics. 98
Mid-term Security Initiatives • Netauth – improving the act of network connection • Effective mechanisms • Safely including isolation and remediation • FWNA – federated wireless network access • Using local authentication and attributes to connect the roaming user • Intends to tie in with eduroam – www. eduroam. nl 99
Long-term Security Initiatives Reconnections • Identifying issues in managing advanced academic networks • Workshop October 2005 • Report at http: //security. internet 2. edu/rtp/docs/internet 2 reconnections-proceedings-200603. html/ • Follow-up interactions with GENI & other efforts • Engagement with next-generation protocols • Engagement with vendors on silent failures, integration of identity management, etc. 100
Ann Doyle DISCIPLINE COMMUNITIES
High Energy and Nuclear Physics (HENP) • Physicists are generating Terabytes of data (1,000,000 or 1 x 10^12) per experiment from the CERN lab in Switzerland • Types of network usage: • Bulk data transfers • multicast and low-latency/jitter networks for effective video conferencing
NEES – Earthquake Research • Remote control of computer simulations • Video is crucial for conferencing and as scientific data • Types of network usage: • Remote control of resources • Bulk data transfer and distributed data storage • Video as data
VLBI • Astronomers collect data about a star from earth based antennae. • End goal is to send data at 1 Gb/s from over 20 antennae located around the globe. Types of network usage: • Long time duration data streaming • Distributed data storage, real-time dynamic retrieval, and distributed processing
University of Southern California Shoah Foundation Institute For Visual History and Education • A 180 terabyte multimedia archive of Holocaust testimonies • Currently being accessed by • University of Southern California • Rice University • Yale • University of Michigan
Master Classes Active involvement… • Columbia University • Manhattan School of Music • Cleveland Institute of Music • New World Symphony • Curtis Institute of Music • University of Michigan • Eastman School of Music • University of Oklahoma • Florida State University • Wayne State University • Indiana University • And many others…… Michael Tilson Thomas, Pinchas Zukerman
Bradley University: The Adding Machine (Elmer Rice's 1923 classic play) • Bradley University • University of Central Florida • University of Waterloo • Multicast DVTS
Key Health Science Members • 112 Academic Medical Colleges (AAMC) and their medical centers • 130 Health Science related colleges • Public Health, Nursing, Dentistry, Pharmacy • Affiliate Members • NIH, NSF, NASA, NOAA • Howard Hughes Medical Institute • Pharmaceutical Companies • Johnson & Johnson, Pfizer, Eli Lilly • Industry • Cisco, IBM, Microsoft, SUN, Polycom, Haivision • Partnership with Health Information Management Systems Society (HIMSS)
Biotech Data's BIG BANG It's like Moore's Law on steroids: The total volume of biological data worldwide, having doubled every 18 months in recent years, is now doubling every half a year to three months. And this isn't a momentary spike, but a long-term trend that may require new ways to measure, analyze and mine biological databases. Chappell Brown EE Times (04/25/2005)
EACH BRAIN REPRESENTS A LOT OF DATA Comparisons must be made across several image sets Slide courtesy of Arthur Toga (UCLA)
Research Team of the Future: Cancer Biomedical Informatics Grid • Global Cancer Research Community • Grid deployment to Cancer Centers • Bioinformatics infrastructure • Public data sources Funded by: NCI/NIH http://cabig.nci.nih.gov/
Cyberinfrastructure Russ Hobby, Internet2 Member Meeting 8 October 2007
Cyberinfrastructure? • Ask any number of people “What is Cyberinfrastructure?” and you will probably get an equal number of definitions • We need a common understanding of CI in order to build and operate it.
Cyberinfrastructure Vision at NSF’S CYBERINFRASTRUCTURE VISION FOR 21ST CENTURY DISCOVERY http://www.nsf.gov/od/oci/ci-v7.pdf
The Nature of Research Today • Discipline groups working on a common project. • The groups are made of researchers from multiple institutions. • They use the network in support of Virtual Organizations (VOs)
Example Researcher using CI Jane is an environmental researcher and is going to find a solution to Global Warming. To do this she needs to collect and store data, do analysis of the data and run some simulation models to test her hypothesis. She will share ideas, data and results with her Discipline Group. Here are her steps in using CI
Control Instruments to Gather Data [diagram labels: Researcher, Control, Instrumentation]
Security and Access Control [diagram adds: Security, Management, Security and Access Control, Authentication, Authorization]
Data Transfer and Storage [diagram adds: Data Generation, Input, Data Sets Storage]
Data Analysis [diagram adds: Program, Analysis, Computation, Retrieval]
Visualization [diagram adds: Viewing, Simulation, Search, Display Tools, Data Input, Display and Visualization]
Simulation and Viewing [diagram adds: 3D Imaging]
Sharing, Collaboration, Publishing and Outreach [diagram adds: Help Desk, Human Support, Collab Tools, Training, Education And Outreach, Publishing, Archive, Data Directories, Schema, Metadata, Ontologies]
Jane goes after new grant [diagram adds: Funding Agencies, Resource Providers, Campuses, Policy and Funding]
Cyberinfrastructure Functions and Resources [diagram: same labels as the previous slide]
The Network is the Backplane for the Distributed CI Computer [diagram adds: Network]
Cyberinfrastructure Players [diagram labels: Campus IT, Security, ID Mang, Data Center, Network, National, Regional, International, Grad Students, Staff, Faculty, Researchers, Security/Access Coordinators, Federal Agencies, Discipline Groups, Libraries, Supercomputer Sites, Software Development, Grid Orgs, Educational Organizations, OGF, Publishers, Collections, Organizations, Computation, Storage, Network Providers, Discipline Support, Physical Science, Biological Science, Medicine, Other Disciplines, Policy/Leadership/Funding]
Traditional Grid Computing • Built by Supercomputer Sites or in Researcher’s Labs • Support internal to discipline • Campus IT generally not involved • There have been problems with facilities in researcher’s labs (power, HVAC, network)
Moving into CI • Disciplines new to CI are doing their planning, but expect others to provide it. • Campus IT organizations starting to get more involved • Supporting organizations are figuring out how to work together.
Who Worries about the Network? • Generally not the Researchers • Those that provide services to the researchers • The discipline IT support group • Campus IT organizations • Supercomputer sites • Grid Organizations
CI is not just for Researchers The current focus on CI is its use by Researchers. However, this is an emerging technology that will be used by all, just as the individual computer and the Internet have become regular work tools.
CI Days Workshops TeraGrid, Open Science Grid, NLR, Internet2, EDUCAUSE, and the IRNC have come together to try to help better understand the CI picture, and to better coordinate functions and roles in the creation of this infrastructure. One activity started by this group is “CI Days” held for campuses to assist in their CI planning. This workshop brings together players from the campus, region and nation to share information and plan how to provide CI functions for the campus. The national and regional groups will also learn the campus needs to help better direct the evolution of the services.
UC Davis CI Days • Focused on Research use of CI • Co-hosted by the CIO and Vice Provost for Research • Presentations from National and Regional Organizations, Campus Colleges and IT. • Breakout Group discussions with reports to start the planning process • http://vpiet.ucdavis.edu/cyberinfrastructure.cfm
Regional CI Days • Serve as a way to scale CI Days • Representatives from campuses can go home and expand the experience for their campus environment • What format? • Use host campus as a case study? • Just cover methodology for CI Days? • In the queue • NYSGrid • New Mexico
Other Activities • Presentations and Workshops • CI Days Web/Wiki • Collect Campus CI Plans • Let campuses share their plans with others on the CI Days Wiki
Russ’ CI Vision Set of tools and resources that allow: • Computation and Storage to easily allow transition from the desktop, to the campus resource, to the regional center, to national super centers using the same software. • Data repositories in formats and locations to allow ease of sharing among all interested disciplines (the real digital library!) • Tools to allow people to easily construct systems to analyze, visualize and simulate their research subjects. • Collaboration tools that allow people to work together like they are in the same room, even if they aren’t.
More Info: • Membership – Marianne Smith melser@internet2.edu • Network – Heather Martinson heather2@internet2.edu • Middleware – Renee’ Frost rwfrost@internet2.edu • Discipline Communities – Ann Doyle adoyle@internet2.edu • Cyberinfrastructure – Russ Hobby rdhobby@internet2.edu