
Secure Network Performance Testing using SeRIF Dr. Charles J. Antonelli Center for Information Technology Integration University of Michigan Winter 2006.


1 Secure Network Performance Testing using SeRIF Dr. Charles J. Antonelli Center for Information Technology Integration University of Michigan Winter 2006 CSG

2 http://www.albinoblacksheep.com/flash/nintendogs.php

3 U-M Contributors
CITI
– Andy Adamson
– Charles Antonelli
– Nathan Gallaher
– Olga Kornievskaia
– David Richter
ITCom
MGRID
Work supported by OVPR and ITCom

4 SeRIF
SeRIF: Secure Remote Invocation Framework
Purpose: provide a secure and extensible remote process invocation service, with strong authentication and flexible authorization
Based on Globus 2.4, GARA 1.2.2
Leverages existing user credentials
– Kerberos (via kx509)
Adds fine-grained authorization
– Walden

5 SeRIF
Central portal host
– Authentication
– Control (invocation, parameters, results)
– Databases (LDAP)
Dedicated remote nodes
– Gatekeeper
– Local scheduler for execution and cleanup
– Provides status and output redirection
– Fine-grained authorization at resource

6 SeRIF Architecture
[Architecture diagram. Component labels: User Workstation, Browser, libpkcs11, kinit, kx509, KDC (Kerberos V5), KCA, Portal, Apache, mod ssl, mod kx509, mod kct, mod php, mod jk, Tomcat, CHEF, LDAP, KCT, GateKeeper, Resource Mgr, Grid Resource, WALDEN Authorization, NW Topology, Output. Link labels: SSL (client certificate required), GSI, Kerberos, SASL. Steps numbered 1 to 8.]

7 NTAP
NTAP: Network Testing and Performance
Purpose: provide a secure and extensible network testing and performance tool invocation service at U-M
Uses SeRIF framework
Runs on portal host and Performance Measurement Platforms (PMPs) attached to routers in a VLAN environment

8 NTAP Architecture
[Architecture diagram. Labels: Portal, Host A, Host B, Router 1, Router 2, Router 3, PMP 1, PMP 2, PMP 3, GSI, Attribute Callout, AFS PTS, Flat File, Walden (XACML).]

9 Mapping and Reporting
Segment mapping
– Use traceroute to obtain packet routing path
– Use network topology database to map each router to its associated PMP
– Execute pairwise performance tests along path
Reporting tool
– Output hop-by-hop matrix display
– Color-coded test history
– Click through cells for detailed views
Links to most recent tests
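The segment-mapping steps on this slide, as an added example that is not NTAP code. The traceroute text and the topology table are constructed, the function names are hypothetical, and "pairwise" is assumed to mean one test between each pair of consecutive PMPs on the path.

```python
import re

# Constructed traceroute output (documentation address ranges, not real hosts).
SAMPLE_TRACEROUTE = """\
traceroute to 198.51.100.20 (198.51.100.20), 30 hops max, 60 byte packets
 1  192.0.2.1 (192.0.2.1)  0.41 ms  0.38 ms  0.35 ms
 2  192.0.2.65 (192.0.2.65)  1.02 ms  0.97 ms  1.10 ms
 3  * * *
 4  203.0.113.9 (203.0.113.9)  2.31 ms  2.28 ms  2.40 ms
 5  198.51.100.20 (198.51.100.20)  2.95 ms  2.90 ms  3.01 ms
"""

# Hypothetical topology database: router interface address -> attached PMP.
TOPOLOGY = {"192.0.2.1": "pmp1", "192.0.2.65": "pmp2", "203.0.113.9": "pmp3"}

HOP_RE = re.compile(r"^\s*(\d+)\s+\S+\s+\((\d{1,3}(?:\.\d{1,3}){3})\)")

def parse_hops(text):
    """Return responding hop addresses in path order; silent '* * *' hops are skipped."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append(m.group(2))
    return hops

def pmp_path(hops, topology):
    """Map hops to PMPs; collect hops with no PMP (end hosts, unknown routers)."""
    path, unmapped = [], []
    for addr in hops:
        pmp = topology.get(addr)
        if pmp is None:
            unmapped.append(addr)
        elif not path or path[-1] != pmp:  # collapse repeats of the same PMP
            path.append(pmp)
    return path, unmapped

def plan_segments(path):
    """One test per segment: each PMP paired with the next PMP on the path."""
    return list(zip(path, path[1:]))

if __name__ == "__main__":
    path, unmapped = pmp_path(parse_hops(SAMPLE_TRACEROUTE), TOPOLOGY)
    print("segments:", plan_segments(path))
    print("hops without a PMP:", unmapped)
```

A silent hop, like hop 3 here, means the segment that spans it may cover more than one router, which is worth flagging when reading the hop-by-hop matrix.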

10 Host Endpoint Testing
Solution to first mile problem
– Leverages Network Diagnostic Tester
Authenticated user clicks first-mile link
– Portal runs traceroute back to client
– Portal determines client’s first-hop router and attached PMP (running NDT server) from path and network topology database
– Portal displays link to first-hop PMP
– Client downloads NDT app from PMP as usual
– Client runs NDT test and displays results as usual
– NDT server sends results to NTAP database
[Diagram labels: Router 1, Host A]

11 Automated Testing
Need repetitive, automated testing
– … but with secure authentication and authorization
Solution: renewable credentials
– User obtains long-term credentials
– Portal schedules repetitive testing
– Prior to a test cycle, portal validates long-term credential and derives from it a short-term credential
– Rest of SeRIF architecture unchanged
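The renewable-credential step on this slide, as an added example that is not SeRIF code. HMAC-signed tokens stand in for the Kerberos and kx509 credentials SeRIF actually uses; the key, lifetimes and function names are assumptions.

```python
import base64, hashlib, hmac, json, time

PORTAL_KEY = b"constructed-demo-key"  # constructed value, stand-in for real key material

def _sign(claims, key):
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag

def verify(token, key, now):
    """Return the claims if the tag is valid and the token is unexpired, else None."""
    try:
        body, tag = token.rsplit(b".", 1)
    except ValueError:
        return None
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    claims = json.loads(base64.urlsafe_b64decode(body))
    return claims if now < claims["exp"] else None

def issue_long_term(user, now, days=30):
    """The user obtains this once; the portal keeps it for scheduled testing."""
    return _sign({"sub": user, "kind": "long", "exp": now + days * 86400}, PORTAL_KEY)

def derive_short_term(long_token, now, ttl=600):
    """Before a test cycle: validate the long-term credential, mint a short-term one."""
    claims = verify(long_token, PORTAL_KEY, now)
    if claims is None or claims["kind"] != "long":
        raise PermissionError("long-term credential invalid or expired")
    exp = min(now + ttl, claims["exp"])  # never outlive the parent credential
    return _sign({"sub": claims["sub"], "kind": "short", "exp": exp}, PORTAL_KEY)

if __name__ == "__main__":
    now = int(time.time())
    long_token = issue_long_term("alice", now)
    short_token = derive_short_term(long_token, now)
    print(verify(short_token, PORTAL_KEY, now))
```

Only the short-term credential leaves the portal for a test cycle, so a credential captured at a remote node is useful for minutes rather than for the life of the schedule.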

12 Future Work
Post-processed statistics, graphs
Measurement database reorganization
– Scalability improvements
Alternatives to topology database
– Active infrastructure probing
Automated tools a la NDT
– Tune TCP stack
– Detect conditions, e.g. duplex mismatches
Cross-domain testing

13 Cross-Domain Testing
[Diagram. Labels: Domain 1, Domain 2, Portal (one per domain), GSI, Host A, Host B, Router 1, Router 2, Router 3, PMP 1, PMP 2, PMP 3.]

14 Cross-Domain Testing
Goals
– Extend test path across administrative domains
– Address larger end-to-end performance issues
– Leverage SeRIF’s strong security and fine-grained authorization model
– Promote SeRIF at other institutions
– Share performance data among institutions

15 Cross-Domain Testing
Approach
– Retain portal within each domain
– Originating portal runs traceroute
    Determines sequence of domains
    Verifies permissions for test
    Or “chunked” by domain
– Each portal tests and stores local results
    Independently, or synchronized
– Test data available via local SeRIF controls
– Boundary-crossing segments
    Need cross-domain trust
– Transit segments

16 Merit Measurement Infrastructure

17 Cross-Domain Testing
Seeking
– Large network testbed
– Independent administrative domains
– Partners
– Funding
– Proposal

18 SeRIF Resources
SeRIF & NTAP home page
– http://www.citi.umich.edu/projects/ntap
– FAQ & documentation
– Download NTAP code & installation instructions
Tools
– iperf http://dast.nlanr.net/Projects/Iperf/
– ndt http://e2epi.internet2.edu/ndt/
– owamp http://e2epi.internet2.edu/owamp/

19 Any Questions? http://www.citi.umich.edu

