National Knowledge Network Status, Services & Challenges Second - - PowerPoint PPT Presentation

National Knowledge Network

Second NKN Annual Workshop 17th October 2013

Status, Services & Challenges

NKN:- Member

NKN

Educational Institutions

National Labs CDAC/CSIR/DAE/ISRO/ICAR/MoES

INTERNET Connections to Global Networks (e.g. GEANT/TEIN4) EDUSAT IIT/IIM/Universities NIT/ Medical Colleges /Hospitals /ICMR National / State Data Centers/ Networks National Internet Exchange Points (NIXI) Security Agencies

NKN:- Status of Connectivity

Particulars 2013-14 Super Core PoPs

07

Core PoPs

24

Total number of institutes to be allocated under NKN

1500 (Further, 400 institutes to be migrated from NMEICT)

No of Institutes allocated to TSPs for connectivity (till date)

985

No of Institutes commissioned under NKN

823

No of Institutes migrated from NMEICT to NKN

283

Total no of core links allocated ( more details in table below)

89

Total no of district links allocated (more details in table below)

250 (Total 850 to be allocated)

NKN:- Status of Connectivity

Member Institutes

TSP Institutes (Allotted) Institutes (Provisioned/Comm issioned)

BSNL 138 113/113 RAILTEL 373 340/300 PGCIL 343 315/296 MTNL 63 52/52 NKN 68 62/62 District Links (1 Gbps)

TSP Link s (Allot ted) Links (Provisioned/Commissioned)

RAILTEL

128 111/41

PGCIL

104 52/38

BSNL

18 14/13

Applications

Applications

Virtual Classroom

NKN: National Research Network

Research

Research Infra Scientists Inter- disciplinary Goal

Coherent Synergy Synergistic Growth Across Disciplines

Application Grid

Application Grids Brain Grid

NKN Services

The NKN Authentication Framework

“The LDAP PaaS”

• Cloud based LDAP Server
• Facility to replicate any other directory server

situated at institute level “The NKN Application Token Manager“

• Open authentication server for third party

applications to integrate into NKN's single sign-on service delivery framework.

The NKN BitAmbulator

Cloud based multitenant storage service which provides configurable amount of storage on cloud to NKN members. The platform is available on web & on android. The authentication is done through the NKN's authentication framework hence it also enables end institutes to manage their

• wn users

Contact us: support.store@nkn.in

Bandwidth Monitoring Service

Bidirectional bandwidth tests between your desktop computer and the server located at NKN Point of Presence (PoP). This service also determines the bandwidth available in the NKN super core network by performing bandwidth test on NKN super core links. Servers located at NKN super core PoPs (Delhi, Hyderabad, Bangalore, Chennai, Kolkata, Mumbai and Guwahati). Contact us: support.perf@nkn.in

Open Source IP Registrar (OSIR)

OSIR is a full feature solution that provides Dynamic Host Configuration Protocol (DHCP) service and delivers client management feature. Contact us: support.osir@nkn.in

Auto Installation Link Management Policy Management Lease Management Client Management Failover Management

OSIR

Smart Class

Based on e-learning technology benefitting remotely based school and colleges to meet the demand of good teachers and quality education. At present, around 50 institutes and colleges are connected and attending expert lectures delivered from academy of administration Bhopal using smart class facility along with teachers of their local institutions. Contact us: support.mp@nkn.in

DNS Cache Servers

The server IP is 14.139.5.5 (anycast)

Contact us: support.dns@nkn.in

NKN Cloud

Request Reply Request Reply

DNS Zone Servers

Zone transfer to NKN DNS slave server on NKN cloud

Contact us: support.dns@nkn.in

NKN Cloud

Domain.ac.in

Internet DNS Root Servers

Reply

DNS Institute

Reply

Domain.ac.in Zone transfer to NKN Domain.ac.in

Reply

Domain.ac.in

Reply

MX Service

Contact us: support.mx@nkn.in

NKN Cloud

Email to domain.in

Institute Internet

Scan Mails Scanned Mails

Relay Service

This service is primarily used by applications in Data Centres of various Institutions that are configured for sending mails as part of the feedback /intimation process to users. Contact us: support.mx@nkn.in

SMS Gateway Service

This service is useful for the users/application to send alert notification using SMS

Contact us: smssupport@nkn.in PUSH Service used by application to send alert SMS like notifications, information etc PULL Service used by user to query the application and gets required information in reply using SMS Email to SMS User gets email notification as SMS. Notification also includes the content

• f the email

Challenges -----”A Few “

Central Log Collection & Management Identification of Risks / Threats & Attacks Configuration Management Core Link Bandwidth Management/ Failure Management

Core Link Bandwidth Management/ Failure Management

Traffic Indications on Various Links ( Profile) Visualising how traffic moves Movement of Traffic through optimised path ( Failure Management)

Analyze Routing Behaviour

Traffic Rerouting on the fly to accommodate predicted traffic increase

Centralize Log Collection and Monitoring

Logging is critical to understanding the events taking place on the network

This includes fault management as well as security management Logs aid in understanding current, as well as historic security events

Logs should be stored centrally on a secure, highly available server In addition to being collected, logs must be monitored for signs of unauthorized events

A structured approach to log review should be implemented

Log Anonymity( Data for Research )

Configuration Management

A process by which configuration changes are proposed, reviewed, approved, and deployed In this context, three aspects of configuration management are critical

Impact of proposed changes: the security ramifications of network changes much be understood Security of stored data: network device configurations contain sensitive data and must be stored securely Archival: helps unwind changes that may have been made maliciously or with negative security impact

Work in Progress to Develop the NMS ( catering to NKNs requirements and also adhering to FCAPS)

Identification of Risks / Threats & Attacks

Attacks Description

Resource Exhaustion Attacks Denial Of Service attack: Either Direct, transit, through reflection. Spoofing Attacks Packets that masquerades details like source IP address to gain access which otherwise was denied. Transport Protocol Attacks Prevents upper-layer communication between hosts

• r hijacks established session

Exploits previous authentication measures Enables eavesdropping or false data injection Routing Protocol Attacks Disrupts routing protocol peering or redirects traffic

• flows. ( Like a device can act as a router and

participate with the other legitimate ones)

Identification of Risks / Threats & Attacks

Attacks Description

IP control- plane / IP Services Attacks against DHCP, DNS, NTP & anything that punts CPU Unauthorized Access Attempts to gain unauthorized access to restricted systems and networks. ( AAA) Software Vulnerabilities Software defect that may compromise confidentiality, integrity, or availability of the device and data plane traffic. (Latest Patches)

Mid Range Router Mid Range Router Mid Range Router Mid Range Router Topology Creation and Management Based on Dark Fiber

Secure Network Access System Secure Network Access System Secure Network Access System Secure Network Access System

Indigenization

Network Management System Network Analytics Information Search Engine

C E D E E E Typical ICT Infrastructure D D D C End System Security Architecture Resilience, Survivability

Src: Prof SVR

Coming Up Soon

• Webcasting Services ( Live & VOD)
• CDN
• URL Filtering Services ( Out of band)
• DDOS Protection Services

Thank You

Project Implementation Unit National Knowledge Network National Informatics Centre 3rd Floor, Block III, Delhi IT Park, Shastri Park, New Delhi - 110053