the science dmz
play

The Science DMZ Eli Dart, Energy Sciences Network (ESnet) TERENA - PowerPoint PPT Presentation

Dec 10, 2023 •307 likes •681 views

The Science DMZ Eli Dart, Energy Sciences Network (ESnet) TERENA Network Architects and TF-NOC Prague, Czech Republic November 13, 2013 Outline Motivation The Science DMZ Design Pattern Security Futures Wrap 10/31/13

  1. The Science DMZ Eli Dart, Energy Sciences Network (ESnet) TERENA Network Architects and TF-NOC Prague, Czech Republic November 13, 2013

  2. Outline • Motivation • The Science DMZ Design Pattern • Security • Futures • Wrap 10/31/13 2 Lawrence Berkeley National Laboratory U.S. Department of Energy | Office of Science

  3. Motivation Networks are an essential part of data-intensive science • Connect data sources to data analysis • Connect collaborators to each other • Enable machine-consumable interfaces to data and analysis resources (e.g. portals), automation, scale Performance is critical • Exponential data growth • Constant human factors • Data movement and data analysis must keep up Effective use of wide area networks by scientists has historically been difficult 10/31/13 3 Lawrence Berkeley National Laboratory U.S. Department of Energy | Office of Science

  4. The Central Role of the Network The very structure of modern science assumes science networks exist: high performance, feature rich, global scope What is important? 1. Correctness 2. Consistency 3. Performance What is “The Network” anyway? • “The Network” is the set of devices and applications involved in the use of a remote resource − This is not about supercomputer interconnects − This is about data flow from experiment to analysis, between facilities, etc. • User interfaces for “The Network” – portal, data transfer tool, workflow engine • Therefore, servers and applications must also be considered 10/31/13 4 Lawrence Berkeley National Laboratory U.S. Department of Energy | Office of Science

  5. TCP – Ubiquitous and Fragile Networks provide connectivity between hosts – how do hosts see the network? • From an application’s perspective, the interface to “the other end” is a socket • Communication is between applications – mostly over TCP TCP – the fragile workhorse • TCP is (for very good reasons) timid – packet loss is interpreted as congestion • Packet loss in conjunction with latency is a performance killer • Like it or not, TCP is used for the vast majority of data transfer applications Lawrence Berkeley National Laboratory U.S. Department of Energy | Office of Science

  6. A small amount of packet loss makes a huge difference in TCP performance With loss, high performance Local (LAN) beyond metro distances is essentially impossible International Metro Area Regional Continental Measured (TCP Reno) Measured (HTCP) Theoretical (TCP Reno) Measured (no loss) 11/11/13 Lawrence Berkeley National Laboratory U.S. Department of Energy | Office of Science

  7. Working With TCP In Practice Far easier to support TCP than to fix TCP • People have been trying to fix TCP for years – limited success • Like it or not we’re stuck with TCP in the general case Pragmatically speaking, we must accommodate TCP • Sufficient bandwidth to avoid congestion • Zero packet loss • Verifiable infrastructure − Must be able to prove a network device or path is functioning correctly − Small footprint is a huge win – small number of devices so that problem isolation is tractable Lawrence Berkeley National Laboratory U.S. Department of Energy | Office of Science

  8. The Science DMZ Design Pattern Effective support for TCP-based data transfer • Designed for correct, consistent, high-performance operation • Easy to troubleshoot • Cybersecurity – defensible without compromising performance Borrow ideas from traditional network security • Traditional DMZ – separate enclave at network perimeter (“Demilitarized Zone”) − For WAN-facing services − Clean policies − Well-supported by proper hardware • Do the same thing for science – Science DMZ 11/11/13 8 Lawrence Berkeley National Laboratory U.S. Department of Energy | Office of Science

  9. Science DMZ Design Pattern Components Dedicated Performance Network Systems for Testing & Architecture Data Transfer Measurement perfSONAR Data Transfer Node Science DMZ • Enables fault isolation • High performance • Dedicated location for • Verify correct operation • Configured specifically Data Transfer Node • Widely deployed in for data transfer • Appropriate security ESnet and other • Proper tools • Easy to deploy - no networks, as well as need to redesign the sites and facilities whole network 11/12/13 9 Lawrence Berkeley National Laboratory U.S. Department of Energy | Office of Science

  10. Science DMZ – Network Architecture Dedicated Performance Network Systems for Testing & Architecture Data Transfer Measurement perfSONAR Data Transfer Node Science DMZ • Enables fault isolation • High performance • Dedicated location for • Verify correct operation • Configured specifically Data Transfer Node • Widely deployed in for data transfer • Appropriate security ESnet and other • Proper tools • Easy to deploy - no networks, as well as need to redesign the sites and facilities whole network 11/11/13 10 Lawrence Berkeley National Laboratory U.S. Department of Energy | Office of Science

  11. Science DMZ Design Pattern (Abstract) Border Router Enterprise Border perfSONAR Router/Firewall WAN 10G 10GE Site / Campus 10GE Clean, access to Science High-bandwidth DMZ resources WAN path perfSONAR 10GE Site / Campus LAN Science DMZ Switch/Router 10GE perfSONAR Per-service security policy control points High performance Data Transfer Node with high-speed storage 11/7/13 11 Lawrence Berkeley National Laboratory U.S. Department of Energy | Office of Science

  12. Local And Wide Area Data Flows Border Router Enterprise Border perfSONAR Router/Firewall WAN 10G 10GE 10GE Site / Campus Clean, access to Science High-bandwidth DMZ resources WAN path perfSONAR 10GE Site / Campus LAN Science DMZ Switch/Router 10GE perfSONAR Per-service security policy control points High performance High Latency WAN Path Data Transfer Node Low Latency LAN Path with high-speed storage 11/11/13 12 Lawrence Berkeley National Laboratory U.S. Department of Energy | Office of Science

  13. Supercomputer Center Deployment High-performance networking is assumed in this environment • Data flows between systems, between systems and storage, wide area, etc. • Global filesystem often ties resources together − Portions of this may not run over Ethernet (e.g. IB) − Implications for Data Transfer Nodes “Science DMZ” may not look discrete • Most of the network is in the Science DMZ • This is as it should be • Appropriate deployment of tools, configuration, policy control, etc. Office networks can look like an afterthought, but they aren’t • Deployed with appropriate security controls • Office infrastructure need not be sized for science traffic Lawrence Berkeley National Laboratory U.S. Department of Energy | Office of Science

  14. Supercomputer Center Border Router Firewall WAN Routed perfSONAR Offices Virtual Circuit Core perfSONAR Switch/Router Front end switch Front end switch perfSONAR Data Transfer Nodes Supercomputer Parallel Filesystem 11/11/13 14 Lawrence Berkeley National Laboratory U.S. Department of Energy | Office of Science

  15. Supercomputer Center Data Path Border Router Firewall WAN Routed perfSONAR Offices Virtual Circuit Core perfSONAR Switch/Router Front end switch Front end switch perfSONAR Data Transfer Nodes High Latency WAN Path Supercomputer Low Latency LAN Path Parallel Filesystem High Latency VC Path 11/11/13 15 Lawrence Berkeley National Laboratory U.S. Department of Energy | Office of Science

  16. Major Data Site Deployment In some cases, large scale data service is the major driver • Huge volumes of data – ingest, export • Big infrastructure investment Single-pipe deployments don’t work • Everything is parallel − Networks (Nx10G LAGs, soon to be Nx100G) − Hosts – data transfer clusters, sets of DTNs − WAN connections – multiple entry, redundant equipment • Any choke point (e.g. firewall) causes problems Lawrence Berkeley National Laboratory U.S. Department of Energy | Office of Science

  17. Data Site – Architecture Virtual Circuit VC Border Provider Edge HA Routers WAN Firewalls Routers VC Virtual Circuit perfSONAR perfSONAR Site/Campus LAN Data Transfer Cluster Data Service Switch Plane perfSONAR 11/11/13 17 Lawrence Berkeley National Laboratory U.S. Department of Energy | Office of Science

  18. Data Site – Data Path Virtual Circuit VC Border Provider Edge HA Routers WAN Firewalls Routers VC Virtual Circuit perfSONAR perfSONAR Site/Campus LAN Data Transfer Cluster Data Service Switch Plane perfSONAR 11/11/13 18 Lawrence Berkeley National Laboratory U.S. Department of Energy | Office of Science

  19. Common Threads Two common threads exist in all these examples Accommodation of TCP • Wide area portion of data transfers traverses purpose-built path • High performance devices that don’t drop packets Ability to test and verify • When problems arise (and they always will), they can be solved if the infrastructure is built correctly • Small device count makes it easier to find issues • Multiple test and measurement hosts provide multiple views of the data path − perfSONAR nodes at the site and in the WAN − perfSONAR nodes at the remote site 11/11/13 19 Lawrence Berkeley National Laboratory U.S. Department of Energy | Office of Science

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

WELCOME TO UTS:SCIENCE UTS:SCIENCE science.uts.edu.au science.uts.edu.au ACKNOWLEDGMENT OF

WELCOME TO UTS:SCIENCE UTS:SCIENCE science.uts.edu.au science.uts.edu.au ACKNOWLEDGMENT OF

Welcome to UTS:SCIENCE WELCOME TO UTS:SCIENCE UTS:SCIENCE science.uts.edu.au science.uts.edu.au ACKNOWLEDGMENT OF COUNTRY I would like to acknowledge the Gadigal People of the Eora Nation upon whose ancestral lands this Campus now stands

529 views • 28 slides
participate independently Assessments Diagnostic : understanding of science and

participate independently Assessments Diagnostic : understanding of science and

Activity 2: Citizen Science + Open Science Guided Presentation Grades: 9-12 Time: 45 minutes Location: Classroom Big Ideas/Themes Biodiversity and Society Citizen Science and Open Science Science Practices and Skills Essential

304 views • 4 slides
Your Degree Bachelor of Science in Actuarial Science BSc(Actuarial Science)

Your Degree Bachelor of Science in Actuarial Science BSc(Actuarial Science)

Your Degree Bachelor of Science in Actuarial Science BSc(Actuarial Science) BSc(ActuarSc) BSc(AC) Department of Statistics and Actuarial Science Faculty of Science (6 Departments/School) The University of Hong Kong (10

723 views • 24 slides
What Is Science? Chapter 1 Lesson 1 Textbook pages 4 - 9 What Science Is and Is Not Science

What Is Science? Chapter 1 Lesson 1 Textbook pages 4 - 9 What Science Is and Is Not Science

What Is Science? Chapter 1 Lesson 1 Textbook pages 4 - 9 What Science Is and Is Not Science is not a collection of unchanging beliefs about the world. Scientific ideas are open to testing, discussion, and revision. Science is subject to

628 views • 20 slides
From Science to Praxis opportunities and challenges Dr. Peter Moll Senior Science & Science

From Science to Praxis opportunities and challenges Dr. Peter Moll Senior Science & Science

Rannskna ing 27 April 2015 Reykjavik From Science to Praxis opportunities and challenges Dr. Peter Moll Senior Science & Science Policy Advisor Science Development moll@science-development.de Origin of science disciplines

482 views • 22 slides
Honni soit qui mal y science A little stroll through science, bad science... and statistics

Honni soit qui mal y science A little stroll through science, bad science... and statistics

Honni soit qui mal y science A little stroll through science, bad science... and statistics Guy Tremblay Professeur titulaire Dpartement dinformatique http://www.labunix.uqam.ca/~tremblay_gu Dept. of CS & SE Concordia University

2.55k views • 193 slides
Data Science: Statistics or Computer Science? 9/15/2015 DATA SCIENCE: STATISTICS OR COMPUTER

Data Science: Statistics or Computer Science? 9/15/2015 DATA SCIENCE: STATISTICS OR COMPUTER

Data Science: Statistics or Computer Science? 9/15/2015 DATA SCIENCE: STATISTICS OR COMPUTER SCIENCE? DATA SCIE DA SCIENCE: ST STATIS ISTICS TICS OR OR CO COMPU MPUTER ER SCIEN SCIENCE? IMPLICATIONS FOR STATISTICS EDUCATION IMPLIC ICATION

608 views • 24 slides
Hollywood Science Hollywood Science Science and Transgression: Crossing Forbidden

Hollywood Science Hollywood Science Science and Transgression: Crossing Forbidden

Hollywood Science Hollywood Science Science and Transgression: Crossing Forbidden Boundaries Science and Science-fiction: The Endless Runway Science and Science-fiction: The Endless Runway https://youtu.be/QIb8n4bn9-Q Popular Science

1.01k views • 55 slides
WELCOME TO UTS:SCIENCE UTS:SCIENCE UTS CRICOS PROVIDER CODE: 00099F science.uts.edu.au

WELCOME TO UTS:SCIENCE UTS:SCIENCE UTS CRICOS PROVIDER CODE: 00099F science.uts.edu.au

Login to: https://respond.cc Enter session key: 141312 Answer the question and submit WELCOME TO UTS:SCIENCE UTS:SCIENCE UTS CRICOS PROVIDER CODE: 00099F science.uts.edu.au Associate Professor Peter Meier Associate Dean Teaching and

845 views • 33 slides
SCIENTISM Is science opposed to the Catholic worldview? Definitions Science Science is

SCIENTISM Is science opposed to the Catholic worldview? Definitions Science Science is

SCIENTISM Is science opposed to the Catholic worldview? Definitions Science Science is an activity that seeks to explore the natural world using well-established, clearly-delineated methods. Empirical Quantifiable

180 views • 6 slides
MS, The Bulgarian experience Ayurveda, the science of future u Science of life u Science that

MS, The Bulgarian experience Ayurveda, the science of future u Science of life u Science that

MS, The Bulgarian experience Ayurveda, the science of future u Science of life u Science that identifies the individual and treats it. u Kriyakala or science that identifies disease earlier. u Considering mind and body as a whole ( whole more

533 views • 24 slides
One Delta, One Science 1 1 . 1 9 . 2 0 An Update on Delta Science Activities Amanda Bohl,

One Delta, One Science 1 1 . 1 9 . 2 0 An Update on Delta Science Activities Amanda Bohl,

One Delta, One Science 1 1 . 1 9 . 2 0 An Update on Delta Science Activities Amanda Bohl, Special Assistant for Planning and Science Science Needs Assessment (SNA) & Science Action Agenda (SAA) The SNA and SAA efforts are complementary

370 views • 14 slides
Interesting Design Science with Old Science Wrappers Richard Baskerville Jan Pries-Heje Georgia

Interesting Design Science with Old Science Wrappers Richard Baskerville Jan Pries-Heje Georgia

Interesting Design Science with Old Science Wrappers Richard Baskerville Jan Pries-Heje Georgia State University Agenda Old Science Wrappers for Design Science P Science Old science New science New science theory P Sustained

645 views • 27 slides
The Emergence of Web Science B E B O W H I T E E C O M - I C O M E X P E R T A D D R E S S S

The Emergence of Web Science B E B O W H I T E E C O M - I C O M E X P E R T A D D R E S S S

The Emergence of Web Science B E B O W H I T E E C O M - I C O M E X P E R T A D D R E S S S E R I E S F E B R U A R Y 2 0 0 9 Caveats I am a collaborator with the Web Science Research Institute (WSRI) Opinions about Web Science

737 views • 25 slides
Science Fair VES First Science Fair March 2, 2017 After Curriculum Night Why Do A Science Fair

Science Fair VES First Science Fair March 2, 2017 After Curriculum Night Why Do A Science Fair

Science Fair VES First Science Fair March 2, 2017 After Curriculum Night Why Do A Science Fair Project? Practice scientific thinking and problem-solving & improvising when a procedure doesnt work out as predicted. Strengthen math

603 views • 32 slides
Science Opera+ons Phil Edwards | Head of Science

Science Opera+ons Phil Edwards | Head of Science

Science Opera+ons Phil Edwards | Head of Science Opera0ons 24 November 2014 CSIRO ASTRONOMY & SPACE SCIENCE Outline 2015APR proposal

554 views • 33 slides
Information Recovery from Pairwise Measurements A Shannon-Theoretic Approach Yuxin Chen ,

Information Recovery from Pairwise Measurements A Shannon-Theoretic Approach Yuxin Chen ,

Information Recovery from Pairwise Measurements A Shannon-Theoretic Approach Yuxin Chen , Changho Suh , Andrea Goldsmith Stanford University KAIST Page 1 Recovering data from correlation measurements A large collection of

691 views • 49 slides
BOE August 17, 2020 Opening School Recommendation What have we learned? Enrollment Intentions by

BOE August 17, 2020 Opening School Recommendation What have we learned? Enrollment Intentions by

BOE August 17, 2020 Opening School Recommendation What have we learned? Enrollment Intentions by Grade Level In Person/E-Learning Third party virtual Total survey responses = 175 Total number of students represented = 266 64% stay with LPS

204 views • 17 slides
Proposal of a Hierarchical Proposal of a Hierarchical Architecture for Multimodal Architecture for

Proposal of a Hierarchical Proposal of a Hierarchical Architecture for Multimodal Architecture for

Proposal of a Hierarchical Proposal of a Hierarchical Architecture for Multimodal Architecture for Multimodal Interactive Systems y Masahiro Araki* 1 Tsuneo Nitta* 2 Kouichi Katsurada* 2 Takuya Nishimoto* 3 Tetsuo Amakasu* 4 Shinnichi Kawamoto* 5

546 views • 35 slides
The Comprehensive ESRD Care (CEC) Model Open Door Forum April 24, 2014 Alefiyah Mesiwala, MD MPH

The Comprehensive ESRD Care (CEC) Model Open Door Forum April 24, 2014 Alefiyah Mesiwala, MD MPH

The Comprehensive ESRD Care (CEC) Model Open Door Forum April 24, 2014 Alefiyah Mesiwala, MD MPH Lead, Comprehensive ESRD Care CMS Innovation Center, CMS Updated April 24, 2014 Introduction The purpose of this initiative the

518 views • 51 slides
The Launch Solution Launch is a solution to high-quality online learning options designed ,

The Launch Solution Launch is a solution to high-quality online learning options designed ,

The Launch Solution Launch is a solution to high-quality online learning options designed , developed and delivered by Missouri educators. A students opportunity should not be limited by their zip code. Our Beliefs. A caring educator who

534 views • 26 slides
MANAGING SCIENTIFIC DATA WITH NDN Chengyu Fan, Susmit Shannigrahi, Steve DiBenedetto, Catherine

MANAGING SCIENTIFIC DATA WITH NDN Chengyu Fan, Susmit Shannigrahi, Steve DiBenedetto, Catherine

MANAGING SCIENTIFIC DATA WITH NDN Chengyu Fan, Susmit Shannigrahi, Steve DiBenedetto, Catherine Olschanowsky, Christos Papadopoulos NDNcomm 2015 Sept 28, 2015 Los Angeles, CA Supported by NSF #13410999 and NSF#1345236 Introduction

1.02k views • 80 slides
Branch offices and SMBs: choosing the right hyperconverged solution Presenters: Howard Marks

Branch offices and SMBs: choosing the right hyperconverged solution Presenters: Howard Marks

Branch offices and SMBs: choosing the right hyperconverged solution Presenters: Howard Marks Chief Scientist, DeepStorage.net Luke Pruen Director of Technical Services, StorMagic Infrastructures for the Remote Office Howard Marks -

238 views • 23 slides
OSG All Hands Meeting Future Storage Options for Fermilab/CMS Tier 1 Monday, 11-Mar-2013

OSG All Hands Meeting Future Storage Options for Fermilab/CMS Tier 1 Monday, 11-Mar-2013

OSG All Hands Meeting Future Storage Options for Fermilab/CMS Tier 1 Monday, 11-Mar-2013 Primary Author & Presenter: Catalin L. Dumitrescu Introduction Data Management is Important LHC has generated useful data (10-15PB/year)

463 views • 22 slides

More recommend