Discovery Network

Description and Proposed I2 Implementation

The Point

  • Main users of I2 likely not permitted on FS network
      – Russia project (Rackspace)
      – Air quality forecasting (NWS / Direct Broadcast)
      – Anything Cray
      – Anything w/non-I2 external collaborators
  • So...connect I2 to something we can use.

What we need

  • Collect our “banished applications” under one umbrella for easier management.
  • Retain ability to collaborate with external parties.

Proposal

  • Create a space for Research
  • Connect I2 to that

Vision/Requirements

Requirements (Access)

  • Users on the FS Network can seamlessly access items on the Discovery Network or on the web.
  • Users on the Discovery Network cannot access the FS Network.
  • The Discovery Network (DN) is divided into the "Public Discovery Network" (WebDN) and the "Protected Discovery Network" (PDN).
  • Protected Discovery Network Access
      – Users on the PDN can seamlessly access items on Internet2 or the web.
      – The PDN is the "default" network assigned to unrecognized machines connected to the local physical network.
  • Public Discovery Network Access
      – WebDN accepts inbound traffic from the public internet.
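
The access requirements above can be written as a zone-to-zone policy and checked against a firewall rule set. The following is an added example, not part of the original slides; the zone labels, the first-match/default-deny rule model and the sample rules are assumptions made for illustration, and flows the slide does not mention are reported for review rather than guessed.

```python
# Added example. Rules describe who may *initiate* a connection (stateful
# firewall assumed); zone labels and sample rules are constructed.
ZONES = {"FS", "PDN", "WEBDN", "I2", "INTERNET"}

# Flows the slide requires to work.
REQUIRED = {
    ("FS", "PDN"), ("FS", "WEBDN"), ("FS", "INTERNET"),
    ("PDN", "I2"), ("PDN", "INTERNET"),
    ("INTERNET", "WEBDN"),
}
# Flows the slide forbids: nothing on the Discovery Network reaches FS.
FORBIDDEN = {("PDN", "FS"), ("WEBDN", "FS")}


def classify(src, dst):
    """Return 'required', 'forbidden' or 'unspecified' for a zone pair."""
    if (src, dst) in FORBIDDEN:
        return "forbidden"
    return "required" if (src, dst) in REQUIRED else "unspecified"


def audit(rules):
    """Audit (action, src, dst) rules; first match wins, default is deny.

    Returns a sorted list of (finding, src, dst) tuples.
    """
    effective = {}
    for action, src, dst in rules:
        if src not in ZONES or dst not in ZONES:
            raise ValueError(f"unknown zone in rule: {src} -> {dst}")
        effective.setdefault((src, dst), action)  # keep the first match only
    findings = []
    for pair, action in effective.items():
        if action != "permit":
            continue
        verdict = classify(*pair)
        if verdict == "forbidden":
            findings.append(("violates-isolation", *pair))
        elif verdict == "unspecified":
            findings.append(("needs-review", *pair))
    for pair in REQUIRED:
        if effective.get(pair, "deny") != "permit":
            findings.append(("missing-required", *pair))
    return sorted(findings)


# Constructed rule set: one isolation break, one unstated flow, and the
# Internet -> WebDN rule left out.
SAMPLE_RULES = [
    ("permit", "FS", "PDN"), ("permit", "FS", "WEBDN"),
    ("permit", "FS", "INTERNET"), ("permit", "PDN", "I2"),
    ("permit", "PDN", "INTERNET"),
    ("permit", "WEBDN", "FS"),
    ("permit", "INTERNET", "PDN"),
]
```

Running `audit(SAMPLE_RULES)` reports the WebDN to FS rule as an isolation violation, the Internet to PDN rule as needing review, and the absent Internet to WebDN rule as a missing requirement.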

Requirements (Services)

  • Users on the Discovery Network can authenticate using Forest Service Active Directory or the External Users Active Directory.
  • Users on the Discovery Network have access to the printers in the building.
  • A well-defined portion of the External Users Active Directory is locally managed (either directly or via tickets).
  • DNS and DHCP provide human-readable, locally managed names to recognized machines on the Discovery Network. The namespace should be something under fs.usda.gov.
  • DHCP may be locally configured (or requested to be configured) to allow specific machines a static IP address.
  • Remote users (FS or external) can VPN in to the PDN.
  • Remote servers can VPN into the PDN or WebDN.
  • Separate, locally managed firewalls must be set up between the public internet, PDN and WebDN.

Requirements (Permission)

  • Activities and software on the Forest Service network are forbidden unless specifically permitted.
  • Activities and software on the Discovery Network are permitted unless specifically forbidden.

Observation

  • Firewall separating FS network from Discovery network can be same as FS ↔ Public Internet

Local Scale Implementation

Analogies

  • NWS net = FS net
  • Cray Network = Discovery Network
  • DSL line = Internet2 (ish)

Local scale status

  • Cisco 3560 switch configured for traffic isolation at level 2
  • Need to configure firewall/router to connect the pieces
      – Intend to connect Cray net to DSL
      – Connection of NWS to Cray net is certain
      – NWS ↔ DSL requires a great deal of care, may be skipped

Relationship to I2

  • CIO “scales up” my local implementation using analogy
      – multiple switches
      – remote administration/mgmt
      – method to request firewall changes (tickets?)

Desired Result

  • Collaboration ability retained
  • Provide environment for banished applications
  • CIO assumes responsibility for networks
  • Solution can be deployed elsewhere

Questions?