Internet2 Overview: Engagement, Network and Services Fall 2007 Member Meeting October 8, 2007.


1 Internet2 Overview: Engagement, Network and Services Fall 2007 Member Meeting October 8, 2007

2 Agenda: Internet2 Overview - Marianne Smith; Internet2 Network Services - Heather Martinson; Middleware and Security - Renee Frost; Discipline Communities - Ann Doyle; Cyberinfrastructure Initiatives - Russ Hobby

3 3 Internet2 Mission and Goals Internet2 Mission Develop and deploy advanced network applications and technologies, accelerating the creation of tomorrow’s Internet. Internet2 Goals  Enable new generation of applications  Re-create leading edge R&E network capability  Transfer technology and experience to the global production Internet

4 4 What We Do…… We provide our members with an “Advanced Networking Environment” to use for research and education Internet2 network backbone Circuit Networks Network research HOPI IPv6, Multicast End-to-End Performance Initiative Applications and Services – e.g. Commons and InCommon Middleware Security

5 5 What We Do……… We provide our members with an environment for partnerships and collaborations in advanced networking: Among themselves and with faculty and research peers With other partners: International, Federal agencies, K20 School networks, the Quilt Applications Collaborations: high energy physicists, arts & humanities, health science, teaching and learning

6 Internet2 Membership A Wealth of Diversity

7 7 Internet2 Partnerships Internet2 fosters the partnerships and collaboration that spurred the development of the Internet. Academia Industry Government International

8 Internet2 Membership Affiliate - 46 Members: Non-profit research or education organizations; Corporate - 60 Members: For-profit companies; Research and Education Network - 30 Members: Network infrastructure providers to R&E community; University – 209 Members: United States institutions of higher education http://members.internet2.edu/

9 9 Internet2 Universities 209 University Members http://members.internet2.edu/university/universities.cfm

10 10 Internet2 Corporate Members Focused on Realizing the Potential that advanced Networking, Middleware and Applications hold for Research and Education and Opportunity to Shape the Future of the Global Internet Broad Range of Industries: - Technology Providers - Content Providers - Technology Consumers http://members.internet2.edu/corporate/

11 11 Internet2 Corporate Partners

12 12 Internet2 Corporate Sponsors Arbor Networks Campus Televideo Codian, Inc. Foundry Networks IOCOM Polycom Worldwide RADVISION TANDBERG VBrick Systems

13 Internet2 Corporate Members ADVA Optical Networking Alcatel-Lucent Technologies Apparent Networks Arbinet-thexchange, Inc. Arootz Caterpillar, Inc. Cdigix Cedar Point Communications Comcast Cable Communications, Inc. C-SPAN CommuniGate Systems EBSCO Information Services Education Networks of America, Inc. EKINOPS Fujitsu Laboratories of America Global Crossing Google HaiVision Systems, Inc. IntelePeer, Inc. Johnson & Johnson KDDI Corporation LifeSize Communications Media Links, Inc. Napster, LLC Nippon Telephone and Telegraph (NTT) Northrop Grumman Information Technology OCLC Online Computer Library Center OpVista, Inc. RIAA Red Hat, Inc. Ruckus Network, Inc. Schlumberger Soapstone Steelcase, Inc. The Thomson Corporation Verizon Business Video Furnace, Inc. Vidyo Warner Bros.

14 14 Internet2 Affiliate Members Federal labs Federal agencies Fine arts institutions Health care institutions Performing arts organizations http://members.internet2.edu/affiliate/affiliates.cfm

15 15 Internet2 Affiliate Members Acuta Altarum American Distance Education Consortium Association of Universities for Research in Astronomy (AURA) CERN Charles R. Drew University Children’s Hospital of Philadelphia Cleveland Institute of Music Cleveland Museum of Art Coalition for Networked Information (CNI) Department of Veteran Affairs Desert Research Institute EDUCAUSE ESnet Healthcare Information and Management Systems Society (HIMSS) Howard Hughes Medical Institute Indiana Higher Education Telecommunications System (IHETS) Inter-American Development Bank Internet Educational Equal Access Foundation Jet Propulsion Laboratory Lawrence Berkeley National Laboratory The Library of Congress Los Alamos National Laboratory Manhattan School of Music

16 Internet2 Affiliate Members Cont’d NASA Goddard Space Flight Center NASA Marshall Space Flight Center National Archives and Records Administration National Institute of Standards and Technology (NIST) National Institutes of Health NOAA – Washington, D.C. National Science Foundation New World Symphony Oak Ridge National Laboratory OSTN (Open Student Television Network) Pacific Northwest National Laboratory PeachNet Ruth Lilly Health Education Center SURA TOPIX U.S. Census Bureau United Nations System of Organizations United States Antarctic Program United States Dept. of Commerce Boulder Labs United States Holocaust Memorial Museum University Corporation for Atmospheric Research University of North Carolina General Administration University of Texas Medical Branch The World Bank

17 17 Research and Education Network Members US-based non-profit organization that has a principal mission to provide network infrastructure and services primarily to the research and education community

18 18 Internet2 R&E Network Members 3ROX CENIC CEN CIC OmniPoP CPE FLR GPN Indiana KanREN LEARN LONI MAGPI MAX MCNC Merit Network MOREnet MREN NJEDge.Net Northern Lights NOX NYSERNet Oregon GigaPoP OSCnet OneNet OSHEAN OneNet PNWG PeachNet SOX UEN WiscNet

19 K20 Initiative

20 20 K20 Initiative Brings together Internet2 member institutions and innovators from primary and secondary schools, colleges and universities, libraries, and museums to extend new technologies, applications, middleware, and content to all educational sectors http://k20.internet2.edu/

21 21 Lewis and Clark: Then and Now http://ali.apple.com/lewisandclark/

22 22 JASON http://www.jason.org/

23 23 Digital Learning Commons http://www.learningcommons.org/

24 24 NEPTUNE http://www.neptune.washington.edu/

25 An Asset for the Community: Universities, Researchers, Regional Networks, K-12, Industry, International

26 Internet2 Member Community

27 27 Strengthening Community: Member Engagement Opportunities Join working groups, special interest groups and advisory groups http://www.internet2.edu/working-groups.html#Advisory Find collaborators for discipline and institutional projects and grants Foster applications development and faculty outreach Be an early adopter of new technologies and tools

28 28 Strengthening Community: Member Engagement Opportunities Advisory Councils Projects and Initiatives Working Groups Collaborative grant efforts Member Meetings SIGs and BoFs Presentations Program Committee

29 29 Strengthening Community: Supporting member engagement Middleware Architecture Committee for Education (MACE) Salsa: Security Advisory Group K20 Initiative Advisory Committee Health Sciences Advisory Group Arts & Humanities Advisory Groups Working Groups Special Interest Groups

30 30 Strengthening Community: Supporting member activities and events Provide event planning expertise and resources Provide speakers Provide equipment Provide PR and communications for member events Spotlight member organizations and individuals Provide printed materials and signage

31 31 Additional Workshops Arts & Humanities Performance Workshop Dynamic Circuit Services High-Energy Nuclear Physicists (Large Hadron Collider) IPv6 Multicast Network Performance Real Time Collaboration Tools (Internet2 Commons)

32 Strengthening Community: Member Accomplishments Advanced applications development, broad and deep Development and deployment of middleware capabilities, locally and nationally Creation and support of national high-performance networks, including next generation optical networks Strong partnerships with international networking organizations Focused efforts on end-to-end performance, and network and host security

33 Strengthening Community: Internet2 Governance Creation of four new Councils that are heterogeneous, defined by operational function and more tightly connected to the membership: Architecture and Operations Advisory Council (AOAC); Applications, Middleware, and Services Advisory Council (AMSAC); Research Advisory Council (RAC); External Relations Advisory Council (ERAC)

34 Strengthening Community: Internet2 Governance Each Council has three seats from each of these constituency groups: CIO Representatives, Regional Network Representative, Researcher Representative, Industry Representative http://www.internet2.edu/about/governance/

35 Internet2 Network Overview Heather Martinson, Sr. Program Manager 2007 Fall Member Meeting San Diego, California

36 Internet2 Network Outline Network Community Network Overview Services Slide 36

37 Connector – maintains direct connection to Internet2 Network; provide connections and network services to Internet2 members Participant – a Member of Internet2 that has entered into an Internet2 Network Participation Agreement Sponsored Participant – an individual non-Internet2 member educational institution that is sponsored by one or more Internet2 University Members Includes K20 schools, museums, libraries, hospitals, zoos; can be not-for-profit or for-profit within these categories Sponsored Education Group Participant (SEGP) – an aggregate of one or more networks serving educational and education-related organizations and state/local government institutions within the same state Internet2 Network Network Affiliations Slide 37

38 Internet2 Network: Internet2 Communities

Member Community                                          04/07   10/07
University Members                                        209     209
Corporate Partners                                        12      12
Corporate Sponsors                                        11      9
Corporate Members                                         34      35
Affiliate Members                                         46      46
Regional Network Members                                  19      30
International MoU Partners (reaching 80+ networks)        54      56

Network Community                                         04/07   10/07
Connectors                                                32      22
Participants                                              246     245
Sponsored Participants                                    153     155
Sponsored Education Group Participants                    38      38

39 Internet2 Network Network Community New Participants Thomson Corporation NIST Northrop Grumman Dept. of Veterans Affairs (pending) Philadelphia Orchestra (pending) New Sponsored Participants Speed Art Museum Louisville Medical Center Network (LMCnet) College of Charleston Fernbank Science Center Slide 39

40 Internet2 Network SEGP – 38 States Slide 40

41 Internet2 Network International Connectivity Slide 41 http://international.internet2.edu/

42 Internet2 Network International Connectivity (Last updated: April 2005)

Europe-Middle East: Austria (ACOnet), Belgium (BELNET), Croatia (CARNet), Czech Rep. (CESNET), Cyprus (CYNET), Denmark (Forskningsnettet), Estonia (EENet), Finland (Funet), France (Renater), Germany (G-WIN), Greece (GRNET), Hungary (HUNGARNET), Iceland (RHnet), Ireland (HEAnet), Israel (IUCC), Italy (GARR), Latvia (LATNET), Lithuania (LITNET), Luxembourg (RESTENA), Malta (Univ. Malta), Netherlands (SURFnet), Norway (UNINETT), Poland (POL34), Portugal (RCTS2), Qatar (Qatar FN), Romania (RoEduNet), Russia (RBnet), Slovakia (SANET), Slovenia (ARNES), Spain (RedIRIS), Sweden (SUNET), Switzerland (SWITCH), United Kingdom (JANET), Turkey (ULAKBYM), *CERN

Asia-Pacific: Australia (AARNET), China (CERNET, CSTNET, NSFCNET), Hong Kong (HARNET), Japan (SINET, WIDE, JGN2), Korea (KOREN, KREONET2), Singapore (SingAREN), Philippines (PREGINET), Taiwan (TANet2, ASNet), Thailand (UNINET, ThaiSARN)

Americas: Argentina (RETINA), Brazil (RNP2/ANSP), Canada (CA*net), Chile (REUNA), Mexico (Red-CUDI), United States (Abilene), Peru (RAAP), Venezuela (REACCIUN-2)

Africa: Algeria (CERIST), Egypt (EUN/ENSTIN), Morocco (CNRST), Tunisia (RFR), South Africa (TENET)

Central Asia: Armenia (ARENA), Georgia (GRENA), Kazakhstan (KAZRENA), Tajikistan (TARENA), Uzbekistan (UZSCI)

43 Internet2 Network International Connectivity Slide 43 T640 PacWave: TANet2/TWAREN, AARnet, KOREN/KREONet2, CA*Net4, GEMNET, REANNZ, TransPac2 GLORIAD, France Telecom (v6), TANet2/TWAREN, HARNET, CERN StarLight: KOREN/KREONet2, CA*Net4, ASNet, CERN, JGN2, SINET NGIX-Ames: AARnet PacWave: UNINET, SINET, QatarFN, APAN/TransPac2 TANet2/TWAREN, SingAREN redCLARA, CUDI via CALREN/PacWave CUDI via UTEP / UT AMPATH: RNP2, ANSP, REACCIUN-2 GEANT NGIX-East: CLARA AtlWave: FIU MAN LAN: TANet2/TWAREN, TENET, MCIT/ENERGI, QatarFN, CA*Net4, SURFNet, CERN, GEANT (2), SINET, NetherLight/IEEAF

44 Internet2 Network Federal Peering Slide 44 T640 PacWave: DREN, NREN, ESnet StarLight: TeraGrid, NREN, DREN, NISN, USGS, ESNet NGIX-Ames: NREN, DREN, NISN, USGS DC: DRAGON NGIX-East: DREN, NISN, NREN, USGS, ESNet New York: ESnet

45 Internet2 Network Outline Network Community Network Overview Services Slide 45

46 Built on dedicated fiber from Level(3) Communications – 13,000+ mile footprint Deployed and configured over 300 Infinera Network Elements Day 1 capacity of 100Gbps Built 27 custom collocation suites representing 3,365 sqft of space including: 91 Racks - Internet2, ESnet, third-parties 60 Individual bulk cables with 48 & 96 fiber count Internet2 and ESNet NOCs get same, real-time feeds as the Level(3) NOCs in Atlanta & Denver Developed the Virtual Network Operations Center – Provisioning and Troubleshooting Dashboard Internet2 Network By the Numbers Slide 46

47 Internet2 Network Slide 47

48 Internet2 Network Outline Slide 48 Network Community Network Overview Services

49 Slide 49 Internet2 Network MAN LAN Manhattan Landing in New York City Partnership with NYSERNet, Indiana University, Internet2 & the IEEAF High performance exchange facility for R&E networks Located at 32 AoA in NYC - easy interconnection to many national and international carriers and other R&E networks Peerings with Atlantic Wave international peering fabric Peering model is open and bilateral Cost recovery model - minimal connection charges for layer 2 facility, none for layer 1 connections

50 Internet2 Network Network Services Best-Effort High-Speed IP Service Research IP Commercial Peering Service WaveCo Point-to-Point Transport Services Dynamic Circuit Network Physical Connection 1 or 10 Gigabit Ethernet OC-192 SONET Slide 50

51 Internet2 Network IP Network Services Carrier class IP service (what is commonly thought of as “Internet2” or “Abilene” service) Natively supports IPv4 and IPv6, as well as leading-edge features of IP including multicast for both IPv4 and IPv6. Carried over a dedicated 10 Gbps backbone wave on the Internet2 Network infrastructure. 40Gbps and 100Gbps are potential future enhancements. Backhaul to the nearest router is included in the IP connection fee. If a connector would like to go to a different router, they may incur additional fees. A connector may obtain, at an additional fee, a geographically diverse connection into the network for redundancy; however, this connection is viewed as a backup and the aggregate traffic flow over the primary and redundant circuit must not exceed that of the primary circuit. An additional IP circuit with no such restriction is also available. [Pricing available on request]

52 Internet2 Network Commercial Peering Service Direct connection between Internet traffic generators or data aggregators and carriers: Yahoo, Google, YouTube, etc. - traffic generators PAIX, Equinix, etc. - point of data aggregation/exchange large backbone carriers such as tier one providers Settlement-free neither party pays the other voluntary provides mutual benefit Slide 52

53 Internet2 Network Commercial Peering Service Slide 53 Join the growing list of CP Service participants

54 Members leverage their existing Internet2 Network investments included in Connectors base network connection fee at no additional cost savings from reductions in commodity Internet traffic costs enhanced network performance net neutral connection Slide 54 Internet2 Network Commercial Peering Service

55 Uses the Internet2 Network Best in class traffic engineering, filtering, and performance monitoring Platform based on Juniper T640 routers Supported through the Internet2 Network Operation Center at Indiana University World class 7 * 24 * 365 operations Proven record – responsive for over 9 years Slide 55 Internet2 Network Commercial Peering Service

56 Slide 56 Additional peering connections are being evaluated these will continue to improve and diversify our commercial network peering structure Internet2 Network Commercial Peering Service

57 Internet2 Network Commercial Peering Service If you are an Internet2 Network Connector: Contact the Internet2 NOC; the NOC will step you through the process: establish a second BGP session over a separate vLAN, tune performance. noc@net.internet2.edu (317)-278-6622

58 Internet2 Network Commercial Peering Service If you are an R&E member institution: Internet2 offers this service to all Internet2 Network Connectors, who in turn offer it to individual Internet2 R&E member institutions at their discretion. Contact your Internet2 Network Connector to discuss your request. A list of Connectors is available at www.internet2.edu/renm/member.cfm For more info go to www.internet2.edu/network/cp.html or send an e-mail to network@internet2.edu

59 Internet2 Network Dynamic Circuit Network The DC (Dynamic Circuit) Network automatically provisions circuits across the network, among participants in the dynamic networking control plane and protocol Supported by connections into the Ciena CoreDirectors Circuits are created by a control plane in which all DCN connectors must participate. Circuits can have any bandwidth across the Internet2 infrastructure from 50Mbps to 10Gbps Circuit setup on the DCN is subject to blocking based on available capacity Circuits are short in duration, no longer than 2 weeks Circuits are currently not protected Circuit connections are available to Connectors, members and peers Slide 59

60 Internet2 Network WaveCo Static Circuit Services Static Circuits refers to circuits that have two fixed endpoints across the Internet2 circuit infrastructure Are currently set up manually by the Internet2 NOC Can have any bandwidth from 50Mbps to a full 10Gbps wave or multiple 10G waves Can be provisioned directly over the Infineras (waves) or through the Cienas (sub-rate circuits) Circuits can be offered both as protected and unprotected; if protected, they may be subject to additional fees Can be ordered for a period of weeks up to years: 30 Day billing minimum; can be reserved up to one year in advance Have a fee for service that is based on distance, bandwidth, duration and protection scheme Slide 60

61 For more information: http://www.internet2.edu/network/ http://i2net.blogspot.com network@internet2.edu heather.martinson@internet2.edu Thank you!

62 Middleware Renee Woodten Frost Associate Director, Middleware & Security rwfrost@internet2.edu

63 63 Integrated Systems Model

64 64

65 65 Middleware Infrastructure Focus: Inter-institutional collaboration Scalable authenticated/authorized access to remote resources Internet2 role : Defining/creating architecture: Shibboleth Tools to implement: Shibboleth, Grouper, Signet Infrastructure/Services to scale: InCommon, USHER

66 66 Internet2 Middleware: Key Concepts Use federated administration as the lever - enterprise brokers most services (authentication, authorization, resource discovery, etc.) in inter-realm interactions Develop a consistent directory infrastructure within R&E Provide security while not degrading privacy Foster inter-realm trust fabrics: federations and virtual organizations Leverage campus expertise and build rough consensus Influence the marketplace; develop where necessary Support for heterogeneity and open standards

67 67 MACE (Middleware Architecture Committee for Education) Purpose - to provide advice, create experiments, foster standards, etc.; create working groups Membership - Bob Morgan (UW) Chair, Tom Barton (Chicago), Scott Cantor (Ohio State), Steven Carmody (Brown), Michael Gettes (Internet2), Keith Hazelton (Wisconsin), Paul Hill (MIT), Jim Jokl (Virginia), Scotty Logan (Stanford), Mark Poepping (CMU), David Wasley (retired Univ California), Von Welch (Grid) International members - Brian Gilmore (Edinburgh), Leif Johansson (Sweden), Diego Lopez (Spain), Rodney McDuff (Australia), Ton Verschuren (Netherlands)

68 68 National Science Foundation Middleware Initiative (NMI) NSF program to support & deploy middleware for R & E Two types of awards System Integrators - widely used tools & services EDIT – Internet2, EDUCAUSE, SURA Grids – ISI, Wisconsin, Argonne, Michigan, Indiana Other awards - academic pure research components Issued periodic NMI releases of software, services, architectures, object classes and best practices Three rounds of awards – 2001, 2003, and 2007

69 Core Middleware Scope (aka Identity Management functions) Identity and Identifiers – namespaces, identifier mappings, real world levels of assurance, etc. Authentication – campus technologies and policies, inter-realm interoperability via PKI, Kerberos, etc. Directories – enterprise directory services architectures and tools, standard object classes, inter-realm and registry services Authorization – permissions and access controls, delegation, privacy management, etc. Integration Activities – open management tools, use of virtual, federated and hierarchical organizations, enabling common applications with core middleware

70 70 Landmark Work Consensus standards – eduPerson, eduOrg, eduMember, eduCourse, commObject (H.350) Best Practices and Deployment Strategies – LDAP Recipe, Group Management, Metadirectories, Enterprise Directory and Authentication Implementation Roadmaps Tools – KX.509, LDAP Analyzer, LOOK

71 Landmark Work Software systems – OpenSAML, Shibboleth, Signet, Grouper Outreach – CAMPs, presentations, publications, case studies, Extending the Reach program Services – InCommon Federation, USHER (PKI)

72

73 73 Federated Identity Model Leverages enterprise identity for inter-realm purposes Uses local authentication Allows variety of authentication options Passes agreed upon authentication and attributes (identifiers, affiliations, memberships, entitlements) Based on privacy, security, and trust as critical issues More scalable

74 What is a Federation? A coalition of collaborating organizations supporting agreed upon policies leveraging existing identity and resource management technologies to permit fine-grained privacy control for online individuals and resource protection for a wide variety of online services and information. Offers flexible, largely scalable privacy-preserving Identity Management infrastructure

75 75 Federation Fundamentals Members sign a contract to join Members must still create Business Relationships with each other Bilateral relationships can impose additional policy The Federation does NOT Collect or assert anything, except the necessary metadata about member signing keys, etc. Authenticate end users Provide services, though it may be associated with groups or buying clubs

76 Role of the Federation [Diagram: a home institution, Circle University, holds a sample user record (Affiliation, EPPN, Given/SurName, Title, SSN, Password) and releases different views of it to different parties, from an anonymous ID# to fuller identity data; each release is labeled "Verified By the Federation".] 1. Agreed upon Attribute Vocabulary & Definitions: EduPerson: Member of, Role, Unique Identifier, … 2. Criteria for IdM practices (user accounts, credentialing, etc.), personal information stewardship, interoperability standards, technologies 3. Digital Certificates 4. Trusted “notary” for all universities and partners 5. and… Metadata
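The federated model on the preceding slides (local authentication, then release of only the agreed-upon attributes to each service) can be made concrete with a small identity-provider release filter. This is an added example, not part of the original presentation and not Shibboleth or InCommon code; the entity IDs, the key, the policy structure and the function names are assumptions, and the user record is constructed to mirror the fictional Circle University user on the slide.

```python
import base64
import hashlib
import hmac

# Constructed sample values: entity IDs and key are hypothetical.
IDP_ENTITY_ID = "https://idp.circle.example/idp"
PAIRWISE_ID_KEY = b"constructed-demo-key-not-a-real-secret"

# Constructed enterprise directory record for the slide's fictional user.
USER_RECORD = {
    "uid": "123-321",
    "eduPersonPrincipalName": "joe@circle.edu",
    "displayName": "Dr. Joe Oval",
    "title": "Psych Prof.",
    "eduPersonAffiliation": ["faculty", "member"],
    "ssn": "PLACEHOLDER-NEVER-RELEASED",
    "userPassword": "PLACEHOLDER-NEVER-RELEASED",
}

# Attributes that stay inside the home institution no matter what a
# per-service policy says (authentication is local; secrets are not passed).
NEVER_RELEASE = frozenset({"ssn", "userPassword", "uid"})

# Hypothetical release policy, keyed by the service provider's entity ID as
# it would appear in federation metadata.
RELEASE_POLICY = {
    # Licensed content: needs to know "is a member", not who the person is.
    "https://library.vendor.example/sp": [
        "eduPersonAffiliation",
        "eduPersonTargetedID",
    ],
    # Collaboration wiki: needs a name and a stable identifier.
    "https://wiki.partner.example/sp": [
        "eduPersonPrincipalName",
        "displayName",
        "eduPersonAffiliation",
    ],
}


def targeted_id(user_key, sp_entity_id):
    """Opaque per-service identifier: stable for one (user, SP) pair,
    different for every SP, so two services cannot correlate a user."""
    msg = "!".join([IDP_ENTITY_ID, sp_entity_id, user_key]).encode()
    digest = hmac.new(PAIRWISE_ID_KEY, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest[:20]).decode().rstrip("=")


def release_attributes(user, sp_entity_id, policy=RELEASE_POLICY):
    """Return only the attributes the policy allows for this SP."""
    allowed = policy.get(sp_entity_id)
    if allowed is None:
        return {}  # SP is not a known federation member: release nothing
    released = {}
    for name in allowed:
        if name in NEVER_RELEASE:
            continue  # a misconfigured policy cannot leak these
        if name == "eduPersonTargetedID":
            released[name] = targeted_id(user["uid"], sp_entity_id)
        elif name in user:
            released[name] = user[name]
    return released


if __name__ == "__main__":
    for sp in list(RELEASE_POLICY) + ["https://unknown.example/sp"]:
        print(sp, "->", release_attributes(USER_RECORD, sp))
```

The content vendor receives an affiliation and an opaque identifier only, the wiki receives a name and EPPN, and a service absent from the policy receives nothing.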

77 International Research & Education Federations Mature in many countries, including UK, France, Germany, Switzerland, Netherlands, Norway, Sweden, Spain, Denmark, Australia, etc. Most are Shibboleth-based; some use other federation products Scope is usually higher ed, but some are broader (UK, Spain, Netherlands) Use cases range from content access to collaboration support to learning management systems to wireless roaming to..

78 InCommon Federation US Research & Education Federation, an LLC Addresses legal, LOA, shared attributes, business proposition, etc issues Participants are universities, service providers, government agencies Uses range from popular & academic content access to administrative services to wiki & list control to accessing NIH applications to.. www.incommonfederation.org

79 Key aspects of InCommon Federation software - Shib v1.3 (open-source, standards-based, privacy-preserving federating software - v2.0 targeted for release this fall) Shared attributes & schema - eduPerson based Lever of authentication Participant Operational Practices (POP) for LOA today Bronze and Silver will map to LOA 1 & 2 Governance/Management Steering Committee Operations by Internet2

80 InCommon Participation Growth

81 64 Current InCommon Participants Higher Education Participants (46) Sponsored Participants (17) Government and NonProfit Laboratories, Research Centers, and Agencies (1)

82 82 USHER U.S. Higher Education Root (USHER) Certificate Authority A public key infrastructure (PKI) supported by the higher education community for emerging deployments in research, education, and transactions in higher education that require PKI. http://www.usherca.org/

83 83 Public Key Infrastructure (PKI) Key Pair: Private Key, Public Key Certificate: Public Key bound to an identity, with usage criteria and validation mechanisms Hierarchical chain: Rooted trust Uses: 1.True Digital Signatures 2.Credentials (Authentication of Individuals) 3.Encryption (Privacy) 4.Authentication of Digital Objects

84 84 USHER Status Internet2 operates the USHER Root CA Relatively high Level of Assurance (LoA) Issuing campus Authority Certificates since June 2007 Subscriber Agreement posted 9 Expected Practices: CA management and current policy/practice of campus identity management

85 85 Recent Middleware Activities Authentication - Federation Interoperability InCommon with federal gov’t e-auth federation InCommon with state & national federations Authorization – Grouper and Signet Middleware Diagnostics – EDDY toolkit PKI, USHER Collaboration Tools, CO-Manage Virtual Organization Support Workflow Support

86 Collaboration Tools/Platform Collaboration = key to academic life, especially for researchers Over abundance of new collaboration tools Integration of middleware/IAM tools in support of collaboration (enterprise user database, group management, and privilege management)

87 Collaboration Management CO-Manage Commonly and transparently manage which identities and attributes can use capabilities of collaboration tools Can offer delegation, privacy management, and maybe even diagnostics Goal – to develop “platform” for handling identity management aspects of many different collaboration tools

88 88 Security

89 Relationship between Middleware and Security Middleware = well-defined infrastructure layer Security = more like an attitude, not crisply defined, spans all layers

90 90 Integrated Systems Model

91 91 Security Much of the middleware work, in its identity management and access control areas, is also a large part of the security space Security for Internet2 services Salsa as the point for member engagement Development of new security capabilities Short time horizon Medium time horizon Long time horizon

92 92 Federated Identity Management Federated identity leverages institutional Identity Management in inter-institutional settings By itself, federated identity can provide significant security value – enables flexible LOAs, improves privacy, etc. As a new layer of infrastructure, it can be leveraged to provide new security services Improved guest access usability & accountability Privilege management for virtual organizations CAMP Workshop: Bridging Security & Identity Mgmt Tempe, Arizona February 13-15, 2008

93 93 Security for Internet2 Services Internet2 Network – network operational security practices for continuous evaluation and improvement Securely providing trust InCommon Federation USHER

94 94 Salsa Advisory on issues, priorities, directions Charters working groups 10-12 members representing R&E expertise, chaired by Mark Poepping, CMU Works in collaboration with the EDUCAUSE/Internet2 Security Task Force Facilitates member engagement

95 95 Near-term Initiatives Computer Security Incidents (CSI2) A development working group, chaired by Chris Misra, UMass Working closely with REN-ISAC at Indiana U Funded in part by Dept of Justice grant Facilitating secure exchange of real-time security information; aimed at incident handlers Augmenting the diminishing value of signature analyses (due to encrypted attacks) with statistical analyses

96 96 Near-term Initiatives CSI2 Working Group (cont) Requirements include: Taxonomy, syntax & semantics of security events A protocol for the exchange (IODEF) Trusted parties for the transmission Third party facilitation for “ripple effects” and statistical analyses, working with the REN-ISAC Policy cover Outcomes to date: RENOIR reporting system for sharing information regarding security incidents within an inter-institutional trust community Shared Darknets project - wide aperture analyses

97 97 Near-term Initiatives Disaster Planning & Recovery Explore contingency planning; developing & testing recovery plans, policies, & procedures; Warm/hot site strengths, weaknesses, potential pitfalls; contractual & SLA models and guidance for Develop set of best practices & services Chaired by Don McLeod, Cornell

98 98 Near-term Initiatives DNSSEC - advisory group on adopting DNSSEC; has begun a cross-signing project, to sign at least one of their zones and exchange trust anchors to mutually validate their DNS records. NetGuru - a periodic meeting of senior network and security engineers; a forum to engage in discussion of timely topics.

99 Mid-term Security Initiatives Netauth – improving the act of network connection Effective mechanisms Safely including isolation and remediation FWNA – federated wireless network access Using local authentication and attributes to connect the roaming user Intends to tie in with eduroam – www.eduroam.nl

100 Long-term Security Initiatives Reconnections Identifying issues in managing advanced academic networks Workshop October 2005 Report at http://security.internet2.edu/rtp/docs/internet2-reconnections-proceedings-200603.html/ Follow-up interactions with GENI & other efforts Engagement with next-generation protocols Engagement with vendors on silent failures, integration of identity management, etc.

101 DISCIPLINE COMMUNITIES Ann Doyle 101

102 High Energy and Nuclear Physics (HENP) Physicists are generating Terabytes of data (1,000,000,000,000 or 1x10^12) per experiment from the CERN lab in Switzerland Types of network usage: Bulk data transfers; multicast and low-latency/jitter networks for effective video conferencing

103 103 NEES – Earthquake Research Remote control of computer simulations Video is crucial for conferencing and as scientific data Types of network usage: Remote control of resources Bulk data transfer and distributed data storage Video as data

104 104 VLBI Astronomers collect data about a star from earth based antennae. End goal is to send data at 1Gb/s from over 20 antennae located around the globe. Types of network usage: Long time duration data streaming Distributed data storage, real-time dynamic retrieval, and distributed processing

105 105 University of Southern California A 180 terabyte multimedia archive of Holocaust testimonies Currently being accessed by University of Southern California Rice University Yale University University of Michigan Shoah Foundation Institute For Visual History and Education

106 106 Master Classes Active involvement… Columbia University Manhattan School of Music Cleveland Institute of Music New World Symphony Curtis Institute of Music University of Michigan Eastman School of Music University of Oklahoma Florida State University Wayne State University Indiana University And many others…… Michael Tilson Thomas Pinchas Zukerman

107 107 Bradley University: The Adding Machine (Elmer Rice's 1923 classic play) Bradley University University of Central Florida University of Waterloo Multicast DVTS

108 108 Key Health Science Members 112 Academic Medical Colleges (AAMC) and their medical centers 130 Health Science related colleges Public Health, Nursing, Dentistry, Pharmacy Affiliate Members NIH, NSF, NASA, NOAA Howard Hughes Medical Institute Pharmaceutical Companies Johnson & Johnson, Pfizer, Eli Lilly Industry Cisco, IBM, Microsoft, SUN, Polycom, Haivision Partnership with Health Information Management Systems Society (HIMSS)

109 109 Biotech Data's BIG BANG It's like Moore's Law on steroids: The total volume of biological data worldwide, having doubled every 18 months in recent years, is now doubling every half a year to three months. And this isn't a momentary spike, but a long-term trend that may require new ways to measure, analyze and mine biological databases. Chappell Brown, EE Times (04/25/2005)

110 110 EACH BRAIN REPRESENTS A LOT OF DATA Comparisons must be made across several image sets Slide courtesy of Arthur Toga (UCLA)

111 111 Research Team of the Future: Cancer Biomedical Informatics Grid Global Cancer Research Community Grid deployment to Cancer Centers Bioinformatics infrastructure Public data sources Funded by: NCI/NIH http://cabig.nci.nih.gov/

114 Cyberinfrastructure Russ Hobby, Internet2 Internet2 Member Meeting 8 October 2007

115 Cyberinfrastructure? Ask any number of people “What is Cyberinfrastructure?” and you will probably get an equal number of definitions We need a common understanding of CI in order to build and operate it.

116 Cyberinfrastructure Vision at NSF NSF’S CYBERINFRASTRUCTURE VISION FOR 21ST CENTURY DISCOVERY http://www.nsf.gov/od/oci/ci-v7.pdf

117 The Nature of Research Today Discipline groups working on a common project. The groups are made of researchers from multiple institutions. They use the network in support of Virtual Organizations (VOs)

118 Example Researcher using CI Jane is an environmental researcher and is going to find a solution to Global Warming. To do this she needs to collect and store data, do analysis of the data and run some simulation models to test her hypothesis. She will share ideas, data and results with her Discipline Group. Here are her steps in using CI

119 Control Instruments to Gather Data Instrumentation Control Researcher Control

120 Security and Access Control Instrumentation Security Control Management Security and Access Authentication Access Control Authorization Researcher Control Security

121 Data Transfer and Storage Instrumentation Security Control Data Generation Management Security and Access Authentication Access Control Authorization Researcher Control Security Data Sets Storage Security Input

122 Data Analysis Instrumentation Security Control Data Generation Computation Analysis Program Security Management Security and Access Authentication Access Control Authorization Researcher Control Program Security Data Sets Storage Security Retrieval Input

123 Visualization Instrumentation Security Control Data Generation Computation Analysis Simulation Program Security Management Security and Access Authentication Access Control Authorization Researcher Control Program Viewing Security Display and Visualization. Display Tools Security Data Input Search Data Sets Storage Security Retrieval Input

124 Simulation and Viewing Instrumentation Security Control Data Generation Computation Analysis Simulation Program Security Management Security and Access Authentication Access Control Authorization Researcher Control Program Viewing Security 3D Imaging Display and Visualization. Display Tools Security Data Input Search Data Sets Storage Security Retrieval Input

125 Sharing, Collaboration, Publishing and Outreach Instrumentation Security Control Data Generation Computation Analysis Simulation Program Security Management Security and Access Authentication Access Control Authorization Researcher Control Program Viewing Security 3D Imaging Display and Visualization. Display Tools Security Data Input Collab Tools Publishing Human Support Help Desk Search Data Sets Storage Security Retrieval Input Schema Metadata Data Directories Ontologies Archive Education And Outreach Training

126 Jane goes after new grant Instrumentation Security Control Data Generation Computation Analysis Simulation Program Security Management Security and Access Authentication Access Control Authorization Researcher Control Program Viewing Security 3D Imaging Display and Visualization. Display Tools Security Data Input Collab Tools Publishing Human Support Help Desk Policy and Funding Resource Providers Funding Agencies Campuses Search Data Sets Storage Security Retrieval Input Schema Metadata Data Directories Ontologies Archive Education And Outreach Training

127 Cyberinfrastructure Functions and Resources Instrumentation Security Control Data Generation Computation Analysis Simulation Program Security Management Security and Access Authentication Access Control Authorization Researcher Control Program Viewing Security 3D Imaging Display and Visualization. Display Tools Security Data Input Collab Tools Publishing Human Support Help Desk Policy and Funding Resource Providers Funding Agencies Campuses Search Data Sets Storage Security Retrieval Input Schema Metadata Data Directories Ontologies Archive Education And Outreach Training

128 The Network is the Backplane for the Distributed CI Computer Instrumentation Security Control Data Generation Computation Analysis Simulation Program Security Management Security and Access Authentication Access Control Authorization Researcher Control Program Viewing Security 3D Imaging Display and Visualization. Display Tools Security Data Input Collab Tools Publishing Human Support Help Desk Policy and Funding Resource Providers Funding Agencies Campuses Search Data Sets Storage Security Retrieval Input Schema Metadata Data Directories Ontologies Archive Education And Outreach Network Training

129 Grid Orgs National Regional International Supercomputer Sites Computation Storage Software Development Discipline Support Campus IT Security ID Mang Network Data Center Researchers Staff Grad Students Faculty Network Providers National Regional International Security/ Access Coordinators National Regional International Cyberinfrastructure Players Collections Organizations Discipline Groups Publishers Libraries Policy/ Leadership/ Funding Federal Agencies Educational Organizations OGF Medicine Discipline Groups Biological Science. Physical Science Other Disciplines

130 Traditional Grid Computing Built by Supercomputer Sites or in Researcher’s Labs Support internal to discipline Campus IT generally not involved There have been problems with facilities in researcher’s labs (power, HVAC, network)

131 Moving into CI Disciplines new to CI are doing their planning, but expect others to provide it. Campus IT organizations starting to get more involved Supporting organizations are figuring out how to work together.

132 Who Worries about the Network? Generally not the Researchers Those that provide services to the researchers The discipline IT support group Campus IT organizations Supercomputer sites Grid Organizations

133 CI is not just for Researchers The current focus on CI is its use by Researchers. However, this is an emerging technology that will be used by all, just as the individual computer and the Internet have become regular work tools.

134 CI Days Workshops TeraGrid, Open Science Grid, NLR, Internet2, EDUCAUSE, and the IRNC have come together to try to help better understand the CI picture, and to better coordinate functions and roles in the creation of this infrastructure. One activity started by this group is “CI Days” held for campuses to assist in their CI planning. This workshop brings together players from the campus, region and nation to share information and plan how to provide CI functions for the campus. The national and regional groups will also learn the campus needs to help better direct the evolution of the services.

135 UC Davis CI Days Focused on Research use of CI Co-hosted by the CIO and Vice Provost for Research Presentations from National and Regional Organizations, Campus Colleges and IT. Breakout Group discussions with reports to start the planning process http://vpiet.ucdavis.edu/cyberinfrastructure.cfm

136 Regional CI Days Serve as a way to scale CI Days Representatives from campuses can go home and expand the experience for their campus environment What format? Use host campus as a case study? Just cover methodology for CI Days? In the queue NYSGrid New Mexico

137 Other Activities Presentations and Workshops CI Days Web/Wiki Collect Campus CI Plans Let campuses share their plans with others on the CI Days Wiki

138 Russ’ CI Vision Set of tools and resources that allow: Computation and Storage to easily allow transition from the desktop, to the campus resource, to the regional center, to national super centers using the same software. Data repositories in formats and locations to allow ease of sharing among all interested disciplines (the real digital library!) Tools to allow people to easily construct systems to analyze, visualize and simulate their research subjects. Collaboration tools that allow people to work together like they are in the same room, even if they aren’t.

139 More Info: Membership – Marianne Smith melser@internet2.edu Network – Heather Martinson heather2@internet2.edu Middleware – Renee’ Frost rwfrost@internet2.edu Discipline Communities – Ann Doyle adoyle@internet2.edu Cyberinfrastructure – Russ Hobby rdhobby@internet2.edu
