Network, Operations and Security Area Tony Rimovsky NOS Area Director

Slides:

Advertisements

Similar presentations

Scaling TeraGrid Access A Testbed for Attribute-based Authorization and Leveraging Campus Identity Management

Advertisements

Xsede eXtreme Science and Engineering Discovery Environment Ron Perrott University of Oxford 1.

1 US activities and strategy :NSF Ron Perrott. 2 TeraGrid An instrument that delivers high-end IT resources/services –a computational facility – over.

Chapter 13 Review Questions

Chapter 19: Network Management Business Data Communications, 5e.

High Performance Computing Course Notes Grid Computing.

CoreGRID Workpackage 5 Virtual Institute on Grid Information and Monitoring Services Authorizing Grid Resource Access and Consumption Erik Elmroth, Michał.

Network Management Overview IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Introduction and Overview “the grid” – a proposed distributed computing infrastructure for advanced science and engineering. Purpose: grid concept is motivated.

1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

TeraGrid Science Gateway AAAA Model: Implementation and Lessons Learned Jim Basney NCSA University of Illinois Von Welch Independent.

Simo Niskala Teemu Pasanen

Core Services I & II David Hart Area Director, UFP/CS TeraGrid Quarterly Meeting December 2008.

Network, Operations and Security Area Tony Rimovsky NOS Area Director

Attribute-based Authentication for Gateways Jim Basney Terry Fleury Stuart Martin JP Navarro Tom Scavo Jon Siwek Von Welch Nancy Wilkins-Diehr.

NOS Objectives, YR 4&5 Tony Rimovsky. 4.2 Expanding Secure TeraGrid Access A TeraGrid identity management infrastructure that interoperates with campus.

TeraGrid Gateway User Concept – Supporting Users V. E. Lynch, M. L. Chen, J. W. Cobb, J. A. Kohl, S. D. Miller, S. S. Vazhkudai Oak Ridge National Laboratory.

1 October 20-24, 2014 Georgian Technical University PhD Zaza Tsiramua Head of computer network management center of GTU South-Caucasus Grid.

GIG Software Integration: Area Overview TeraGrid Annual Project Review April, 2008.

TeraGrid Information Services December 1, 2006 JP Navarro GIG Software Integration.

Scaling Account Creation and Management through the TeraGrid User Portal Contact: Eric Roberts

GIG Software Integration Project Plan, PY4-PY5 Lee Liming Mary McIlvain John-Paul Navarro.

TeraGrid Science Gateways: Scaling TeraGrid Access Aaron Shelmire¹, Jim Basney², Jim Marsteller¹, Von Welch²,

SOS EGEE ‘06 GGF Security Auditing Service: Draft Architecture Brian Tierney Dan Gunter Lawrence Berkeley National Laboratory Marty Humphrey University.

GRAM: Software Provider Forum Stuart Martin Computational Institute, University of Chicago & Argonne National Lab TeraGrid 2007 Madison, WI.

1 TeraGrid ‘10 August 2-5, 2010, Pittsburgh, PA State of TeraGrid in Brief John Towns TeraGrid Forum Chair Director of Persistent Infrastructure National.

What is Cyberinfrastructure? Russ Hobby, Internet2 Clemson University CI Days 20 May 2008.

SAN DIEGO SUPERCOMPUTER CENTER Impact Requirements Analysis Team Co-Chairs: Mark Sheddon (SDSC) Ann Zimmerman (University of Michigan) Members: John Cobb.

Internet2 Middleware Initiative. Discussion Outline  What is Middleware why is it important why is it hard  What are the major components of middleware.

Federated Environments and Incident Response: The Worst of Both Worlds? A TeraGrid Perspective Jim Basney Senior Research Scientist National Center for.

TeraGrid Privacy Policy: What is it and why are we doing it… Von Welch TeraGrid Quarterly Meeting March 6, 2008.

Russ Hobby Program Manager Internet2 Cyberinfrastructure Architect UC Davis.

TeraGrid CTSS Plans and Status Dane Skow for Lee Liming and JP Navarro OSG Consortium Meeting 22 August, 2006.

Tutorial: Building Science Gateways TeraGrid 08 Tom Scavo, Jim Basney, Terry Fleury, Von Welch National Center for Supercomputing.

GRID ARCHITECTURE Chintan O.Patel. CS 551 Fall 2002 Workshop 1 Software Architectures 2 What is Grid ? "...a flexible, secure, coordinated resource- sharing.

The Impact of Evolving IT Security Concerns On Cornell Information Technology Policy.

ANKITHA CHOWDARY GARAPATI

Scalable Systems Software for Terascale Computer Centers Coordinator: Al Geist Participating Organizations ORNL ANL LBNL.

Ruth Pordes November 2004TeraGrid GIG Site Review1 TeraGrid and Open Science Grid Ruth Pordes, Fermilab representing the Open Science.

Leveraging the InCommon Federation to access the NSF TeraGrid Jim Basney Senior Research Scientist National Center for Supercomputing Applications University.

Presented by: Tony Rimovsky TeraGrid Account Management Tony Rimovsky, Area Director for Network Operations and Security

TeraGrid NOS Turnover Jeff Koerner Q meeting December 8, 2010.

1 NSF/TeraGrid Science Advisory Board Meeting July 19-20, San Diego, CA Brief TeraGrid Overview and Expectations of Science Advisory Board John Towns TeraGrid.

TeraGrid Gateway User Concept – Supporting Users V. E. Lynch, M. L. Chen, J. W. Cobb, J. A. Kohl, S. D. Miller, S. S. Vazhkudai Oak Ridge National Laboratory.

Sergiu April 2006June 2006 Overview of TeraGrid Resources and Services Sergiu Sanielevici, TeraGrid Area Director for User.

NOS Report Jeff Koerner Feb 10 TG Roundtable. Security-wg In Q a total of 11 user accounts and one login node were compromised. The Security team.

Cyberinfrastructure Overview Russ Hobby, Internet2 ECSU CI Days 4 January 2008.

Cyberinfrastructure: Many Things to Many People Russ Hobby Program Manager Internet2.

Data Area Report Chris Jordan, Data Working Group Lead, TACC Kelly Gaither, Data and Visualization Area Director, TACC April 2009.

Data, Visualization and Scheduling (DVS) TeraGrid Annual Meeting, April 2008 Kelly Gaither, GIG Area Director DVS.

GRID ANATOMY Advanced Computing Concepts – Dr. Emmanuel Pilli.

NSF Middleware Initiative Purpose To design, develop, deploy and support a set of reusable, expandable set of middleware functions and services that benefit.

TeraGrid-Wide Operations Von Welch Area Director for Networking, Operations and Security NCSA, University of Illinois April, 2009.

Chapter 3 Pre-Incident Preparation Spring Incident Response & Computer Forensics.

TeraGrid-Wide Operations DRAFT #2 Mar 31 Von Welch.

Company LOGO Network Management Architecture By Dr. Shadi Masadeh 1.

Attribute-based Authentication for Gateways Jim Basney Terry Fleury Stuart Martin JP Navarro Tom Scavo Nancy Wilkins-Diehr.

TeraGrid’s Common User Environment: Status, Challenges, Future Annual Project Review April, 2008.

Software Integration Highlights CY2008 Lee Liming, JP Navarro GIG Area Directors for Software Integration University of Chicago, Argonne National Laboratory.

Active Directory Domain Services (AD DS). Identity and Access (IDA) – An IDA infrastructure should: Store information about users, groups, computers and.

TG ’08, June 9-13, State of TeraGrid John Towns Co-Chair, TeraGrid Forum Director, Persistent Infrastructure National Center for Supercomputing.

Data Infrastructure in the TeraGrid Chris Jordan Campus Champions Presentation May 6, 2009.

TeraGrid’s Process for Meeting User Needs. Jay Boisseau, Texas Advanced Computing Center Dennis Gannon, Indiana University Ralph Roskies, University of.

Gateways security Aashish Sharma Security Engineer National Center for Supercomputing Applications (NCSA) University of Illinois at Urbana-Champaign.

Grid Account Management: A Case Study GGF 9 PGM-RG Chicago, IL October 5-8, 2003 Doru Marcusiu Assistant Director Grid and Security.

TeraGrid Software Integration: Area Overview (detailed in 2007 Annual Report Section 3) Lee Liming, JP Navarro TeraGrid Annual Project Review April, 2008.

NSF TeraGrid Review January 10, 2006

Federated Environments and Incident Response: The Worst of Both Worlds

TeraGrid Identity Federation Testbed Update I2MM April 25, 2007

Presentation transcript:

Network, Operations and Security Area Tony Rimovsky NOS Area Director

SDSC TACC UC/ANL NCSA ORNL PU IU PSC NCAR Resource Provider (RP) The TeraGrid Map NICS LONI Network Hub

Networking Origins of the TeraGrid network –Originally 4 sites with 3x10G each –Full mesh of 10Gbps links Evolution –Most sites now at 10G, not 30G –TG Backbone is now 10G Key question: Why continue to have a TeraGrid specific network? –Variation in capacities to R&E Networks –Application specific utility GPFS-WAN and Luster-WAN –Security

Networking Networking challenges –Tracking application specific use of the network –Finding a new architecture paradigm

Operations TeraGrid GIG coordinates with RPs Resource Providers operate resources individually, but in a coordinated fashion –Accounts, Allocations, Accounting, Software, Processes, User Support and Policy are all coordinated –Coordinated does not necessarily mean “the same” –Some activities are either shared or impact across the project »Operations Center, Accounting/Allocations, Networking, Security Instrumenting core activities is key – INCA validation testing helps coordinate software – Common accounting provides the ability to report across resources – Usage instrumentation helps understand how users interact with TeraGrid across all platforms

Operations TGCDB/AMIE, POPS and Core Services –Some Definitions TGCDB is the Database of account and accounting records AMIE is the protocol for transferring records POPS is the system for submitting and reviewing allocations –Currently undergoing a major review and redesign of the account/allocations system –The accounting system is significant to us and the user community for several reasons Common account/allocation mechanism across HPC resources Relatively easy to add new resources Facilitates user portability and access to resources across the project

Operations Operations Challenges –There are a lot of places to collect data –It is difficult to get a complete picture in any particular area Network traffic levels can be measured, but the real question is about the applications that are driving that traffic. Some applications can be measured. Others are more challenging. We are instrumenting components in order to build up to the big picture –New systems with unique architectures are providing challenges with respect to how to balance commonality with resource needs. New resource deployment Regular reviews of software kits and deployment plans

Security Security has two main thrusts: –Operational Security/Incident Response –Security Architecture Operational Security/Incident Response (IR) –Security events happen. The goal of TG IR is to control the spread of incidents among the sites. –Communication is key to success. All sites participate in IR Regular calls combined with distinct tools to maintain a secure and rapid communication environment in the event of an incident The group is very successful at IR –Operational Sec includes TAGPMA, writing and reviewing policy, and working with WGs on implementation details.

Security Security Architecture –Emphasis is on design and keeping track of the big picture –Grid security –Gateway and Campus authentication and authorization

Security Challenges Policy crafting and adoption –NSF, DOE and campus cultures bring unique perspectives –We work for and obtain consensus –Example: Centralized password management Grid security and operations –Operational people are focused on traditional computer security and exposures –Architectural group creation was driven by the need for big-picture security –Example: capturing the process for distributing DNs for SSO Certificate based authentication needs –Accounting and record keeping –IR logging –Gateways, community accounts, and accountability –Example: Attribute passing and tracking