Science DMZ at Imperial
Phil Mayers, Campus network engineering workshop
19/10/2016
Phil Mayers <p.mayers@imperial.ac.uk>
About Imperial
● 14,700 students, 8,000 staff
● Focused on science, engineering, medicine and business
● 6 major campuses in London, also Silwood Park, and medical sites
● Perhaps more centralised IT than many universities?
● Dual 2x10G connections to JANET
● Various sponsored a.k.a. BCE customers (NHM, Science Museum, NHS trust)
● GridPP / HEP work - close relationship with researchers
Campus network
● Decent size network - ~2400 switches, ~2300 APs, 15k simultaneous wifi users,
>60k devices on-net including PCs, wifi/BYOD, SCADA, VoIP, etc.
● Campus to internet throughput ~2Gbit/s average, ~6Gbit/s peak (Oct 2016)
● Fully dual-stack network - 20-40% IPv6 by throughput, 15% by flows
● Typical architecture - switch, dist, router, core, firewall, wan
HEP group
● Main HEP grid cluster processes data for the LHC experiments, other
physics experiments/projects & non-physics communities
○ CMS, LHCb, ATLAS, LZ, COMET, biomed & pheno are the main users
● 275 compute nodes (~4000 cores) connected on 1GbE
● 55 storage nodes (~3.7PB of disk) connected on 10GbE
● Simple stacked top-of-rack switches for connectivity
● Majority of WAN traffic is CMS local-storage <-> remote-storage
○ Popular datasets are automatically placed at CMS sites
○ Users can also request data: 50TB+ dataset requests not uncommon
● Local compute nodes can read remote storage over WAN (and vice versa)
○ Generally low rates compared to storage-storage transfers
HEP growth - 1gig (April 2007)
HEP growth - 10gig (Oct 2011)
HEP growth - 20gig (Oct 2016)
Issues faced
● Firewalls
○ Straight throughput
○ TCP window checking and other stateful inspection
○ Latency and jitter interfering with throughput
○ Impact on other traffic e.g. Office 365 is quite latency-sensitive with the Outlook client
● Equipment costs
○ Need the right size pipe at every forwarding hop
○ Building edge -> dist -> router -> core -> firewall -> WAN edge
○ A lot of those devices are of a class where fast ports are disproportionately costly
■ “Typical” campus router - approx. £1-2k for a 10gig port
■ 1U 48-port 10G switch - approx. £200 for a 10gig port
Solution - Science DMZ
● Had no idea it had a name when we built it!
● Separate L3 switch, outside firewall, routes HEP traffic straight onto core and
onward to JANET
● Simple stateless ACLs for outer tier of security
● Fewer hops, shallower buffers, cheaper kit, wider pipes
● HEP @ Imperial - 4x10G ports to HEP, dual 2x10G ECMP to JANET
○ Split HEP into two subnets, use BGP communities outbound to split inbound traffic
○ Necessitates HEP managing which node IPs are used for transfer
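The "simple stateless ACLs" outer tier described above, sketched as an added example (not from the original slides and not Imperial's configuration): a first-match filter evaluated per packet with no connection table. The two subnets, the port numbers and the rule names are constructed for illustration.

```python
"""Added example: first-match evaluation of a stateless ACL (all values constructed)."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SYN, RST, ACK = 0x02, 0x04, 0x10      # TCP flag bits

# Hypothetical transfer-node subnets (RFC 5737 documentation space); two of
# them because the deck splits the transfer nodes across two subnets.
TRANSFER_NETS = ["192.0.2.0/25", "192.0.2.128/25"]
CONTROL_PORT = 2811                   # constructed control-channel port
DATA_PORTS = range(20000, 25001)      # constructed data-channel range
ANY = "0.0.0.0/0"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                        # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    flags: int = 0                    # TCP flag bits, 0 for non-TCP


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                       # "permit" or "deny"
    proto: str                        # "tcp", "udp", "icmp" or "ip" (any)
    src: str
    dst: str
    dports: Optional[range] = None    # None means any destination port
    established: bool = False         # match only segments with ACK or RST set

    def matches(self, p: Packet) -> bool:
        # Every test uses only fields of the packet in hand: no lookup in a
        # connection table, so the per-packet cost does not grow with flows.
        if self.proto not in ("ip", p.proto):
            return False
        if ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.dports is not None and p.dport not in self.dports:
            return False
        if self.established and not (p.flags & (ACK | RST)):
            return False
        return True


def build_inbound_acl() -> List[Rule]:
    """Inbound ACL for the transfer subnets, ending in an explicit deny."""
    acl: List[Rule] = []
    for net in TRANSFER_NETS:
        acl += [
            Rule("return-traffic", "permit", "tcp", ANY, net, established=True),
            Rule("control", "permit", "tcp", ANY, net,
                 dports=range(CONTROL_PORT, CONTROL_PORT + 1)),
            Rule("data", "permit", "tcp", ANY, net, dports=DATA_PORTS),
            Rule("icmp", "permit", "icmp", ANY, net),
        ]
    acl.append(Rule("deny-all", "deny", "ip", ANY, ANY))
    return acl


def evaluate(acl: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """Return (action, rule name) for the first rule that matches."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action, rule.name
    return "deny", "implicit-deny"


def demo() -> Dict[str, Tuple[str, str]]:
    acl = build_inbound_acl()
    remote = "198.51.100.7"           # constructed remote storage node
    cases = {
        "new connection to control port":
            Packet(remote, "192.0.2.10", "tcp", 40000, CONTROL_PORT, SYN),
        "new connection to data port, second subnet":
            Packet(remote, "192.0.2.200", "tcp", 40001, 20500, SYN),
        "new connection to an unlisted port":
            Packet(remote, "192.0.2.200", "tcp", 40002, 22, SYN),
        "reply to a connection opened from inside":
            Packet(remote, "192.0.2.10", "tcp", 443, 51515, SYN | ACK),
        "UDP to the control port number":
            Packet(remote, "192.0.2.10", "udp", 40003, CONTROL_PORT),
        "destination outside the transfer subnets":
            Packet(remote, "203.0.113.5", "tcp", 40004, CONTROL_PORT, SYN),
        # The filter keeps no state, so it cannot tell this segment from a
        # genuine reply: ACK is set, so the return-traffic rule matches.
        "ACK segment with no connection behind it":
            Packet(remote, "192.0.2.10", "tcp", 40005, 22, ACK),
    }
    return {label: evaluate(acl, pkt) for label, pkt in cases.items()}


if __name__ == "__main__":
    for label, (action, rule) in demo().items():
        print(f"{action:6} {rule:15} {label}")
```

Because the `established` match looks only at the ACK/RST bits, the last case passes the outer tier, so the transfer nodes still need their own host-level stateful filtering behind it.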
Results - recent past
● Quite capable of driving 4x10G at >99.5% utilisation
● Apologies for the graph - low resolution and hourly averages hiding peaks
○ Don’t be fooled - 30-second and 5-minute averages on all 4 10G links to JANET were >99% load
Architecture
[Diagram: Janet, Border, Firewall, Core, Datacentre, Science DMZ; one element labelled "Possible"]
Benefits
● Works - capable of driving campus connectivity to capacity
● Cheap - equipment cost on our side manageable
○ As long as upstream connectivity exists, of course
● Easy - no need to poke at firewalls or building edge to improve throughput
Issues
● Works too well!
● At capacity, it can drive other traffic off the campus links
○ 64 bytes from ...: icmp_seq=856 ttl=49 time=104 ms
○ from a typical 2ms to the same site
○ Have seen 10gig links running at essentially 100% for >1 hour
● Need to ensure enough spare capacity for other uses
○ Rate-limiting port channels (shudder)
○ Rate-limit $here - sure it’ll be hashed to the same bundle members at $nexthop?
Results - Thu 13 Oct
Latency across one leg of default route, versus throughput on same
Noticeable to customers… not great. But very impressive throughput!
Issues - Mark 2
● Cheap switches are cheap for a reason
● Doesn’t solve distance and fibre issues
○ Want to run in excess of 10G at distances of >10km? Get ready for a lot of zeroes
○ Fibre capacity on inter-site links (install & recurrent costs)
○ Or use DWDM (skills & training, tools, monitoring) - we do this
● Question mark over dual-use systems - is it appropriate to attach to DMZ
○ Can you do a windows domain login from a DMZ?
● Our implementation requires HEP team to split transfer nodes across two
subnets, to make use of both inbound paths
● Security policy - speak to your IT Security team first!
Thoughts
● We are considering making Science DMZ a core part of network architecture
○ 100G still not cost-effective for widespread campus deployment - particularly if you are
geographically distributed
○ Build parallel cheap/fast DMZ network, hook together at JANET & datacentre?
○ Present DMZ where needed (distance & fibre issues though…)
● Considerations
○ Equipment in normal office/lab locations e.g. high-throughput gene sequencers
○ Separate switches in wiring closets - have to manage patching, labelling, training
○ Spurious requests - people think they can drive 10gig and cannot
● Only applicable for mature research efforts with good tooling, IMO
○ Took GridPP community many years to be able to drive these speeds
Recommendations
● Speak to researchers!
● Consider appropriate cost/benefit of implementation
○ Cheap vs. high-end routers
○ Fixed versus expandable
● How will you scale, monitor, manage
○ Counters, API, routing/switching capability
● Consider your upstream capacity
LHCONE - if we have time
● Overlay L3VPN - used to steer HEP traffic down separate links
○ Funding reasons
● Imperial already do L3VPN internally for network segmentation
○ JANET presented LHCONE as 802.1q-tagged subint & BGP peering, into L3VPN on core
○ Core presents as 2x “peerings” (internet & LHCONE) to Science DMZ router
○ DMZ router follows routing table (401 IPv4 & 146 IPv6 BGP routes)
● Basically works
○ Very impressive throughput
● Reservations internally about ultimate scalability of this model
○ If we had a multi-researcher Science DMZ - how would that work?
○ Policy routing? Shoot me now please...

How Bloomsbury is supporting authors with UKRI long-form open access requirem...How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
 
Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023
 
Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023
 
Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023
 
JISC Presentation.pptx
JISC Presentation.pptxJISC Presentation.pptx
JISC Presentation.pptx
 
Community-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptxCommunity-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptx
 

Recently uploaded

Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
Safe Software
 
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
Fwdays
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
operationspcvita
 
Christine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptxChristine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptx
christinelarrosa
 
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptxPRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
christinelarrosa
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
Javier Junquera
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
Hiroshi SHIBATA
 
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
DanBrown980551
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
AstuteBusiness
 
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Pitangent Analytics & Technology Solutions Pvt. Ltd
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
Antonios Katsarakis
 
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
"Scaling RAG Applications to serve millions of users",  Kevin Goedecke"Scaling RAG Applications to serve millions of users",  Kevin Goedecke
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
Fwdays
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
Edge AI and Vision Alliance
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
Jason Yip
 
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving
 
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid ResearchHarnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Neo4j
 
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham HillinQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
LizaNolte
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
MichaelKnudsen27
 
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
Mydbops
 
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
zjhamm304
 

Recently uploaded (20)

Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
 
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
 
Christine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptxChristine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptx
 
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptxPRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
 
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
 
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
"Scaling RAG Applications to serve millions of users",  Kevin Goedecke"Scaling RAG Applications to serve millions of users",  Kevin Goedecke
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
 
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
 
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid ResearchHarnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
 
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham HillinQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
 
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
 
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
 

Science DMZ at Imperial

  • 1. Science DMZ at Imperial Phil Mayers, Campus network engineering workshop 19/10/2016 1
  • 2. Science DMZ at Imperial Phil Mayers <p.mayers@imperial.ac.uk>
  • 3. About Imperial
    ● 14,700 students, 8,000 staff
    ● Focused on science, engineering, medicine and business
    ● 6 major campuses in London, also Silwood Park, and medical sites
    ● Perhaps more centralised IT than many universities?
    ● Dual 2x10G connections to JANET
    ● Various sponsored a.k.a. BCE customers (NHM, Science Museum, NHS trust)
    ● GridPP / HEP work - close relationship with researchers
  • 4. Campus network
    ● Decent size network - ~2400 switches, ~2300 APs, 15k simultaneous wifi users, >60k devices on-net including PCs, wifi/BYOD, SCADA, VoIP, etc.
    ● Campus to internet throughput ~2Gbit/s average, ~6Gbit/s peak (Oct 2016)
    ● Fully dual-stack network - 20-40% IPv6 by throughput, 15% by flows
    ● Typical architecture - switch, dist, router, core, firewall, wan
  • 5. HEP group
    ● Main HEP grid cluster processes data for the LHC experiments, other physics experiments/projects & non-physics communities
      ○ CMS, LHCb, ATLAS, LZ, COMET, biomed & pheno are the main users
    ● 275 compute nodes (~4000 cores) connected on 1GbE
    ● 55 storage nodes (~3.7PB of disk) connected on 10GbE
    ● Simple stacked top-of-rack switches for connectivity
    ● Majority of WAN traffic is CMS local-storage <-> remote-storage
      ○ Popular datasets are automatically placed at CMS sites
      ○ Users can also request data: 50TB+ dataset requests not uncommon
    ● Local compute nodes can read remote storage over WAN (and vice versa)
      ○ Generally low rates compared to storage-storage transfers
  • 6. HEP growth - 1gig April 2007
  • 7. HEP growth - 10gig Oct 2011
  • 8. HEP growth - 20gig Oct 2016
  • 9. Issues faced
    ● Firewalls
      ○ Straight throughput
      ○ TCP window checking and other stateful inspection
      ○ Latency and jitter interfering with throughput
      ○ Impact on other traffic e.g. Office 365 is quite latency-sensitive with the Outlook client
    ● Equipment costs
      ○ Need the right size pipe at every forwarding hop
      ○ Building edge -> dist -> router -> core -> firewall -> WAN edge
      ○ A lot of those devices are of a class where fast ports are disproportionately costly
        ■ “Typical” campus router - approx. £1-2k for a 10gig port
        ■ 1U 48-port 10G switch - approx. £200 for a 10gig port
  • 10. Solution - Science DMZ
    ● Had no idea it had a name when we built it!
    ● Separate L3 switch, outside firewall, routes HEP traffic straight onto core and onward to JANET
    ● Simple stateless ACLs for outer tier of security
    ● Fewer hops, shallower buffers, cheaper kit, wider pipes
    ● HEP @ Imperial - 4x10G ports to HEP, dual 2x10G ECMP to JANET
      ○ Split HEP into two subnets, use BGP communities outbound to split inbound traffic
      ○ Necessitates HEP managing which node IPs are used for transfer
  • 11. Results - recent past
    ● Quite capable of driving 4x10G at >99.5% utilisation
    ● Apologies for the graph - low resolution and hourly averages hiding peaks
      ○ Don’t be fooled - 30-second and 5-minute averages on all 4 10G links to JANET were >99% load
  • 13. Benefits
    ● Works - capable of driving campus connectivity to capacity
    ● Cheap - equipment cost on our side manageable
      ○ As long as upstream connectivity exists, of course
    ● Easy - no need to poke at firewalls or building edge to improve throughput
  • 14. Issues
    ● Works too well!
    ● At capacity, it can drive other traffic off the campus links
      ○ 64 bytes from ...: icmp_seq=856 ttl=49 time=104 ms
      ○ from a typical 2ms to the same site
      ○ Have seen 10gig links running at essentially 100% for >1 hour
    ● Need to ensure enough spare capacity for other uses
      ○ Rate-limiting port channels (shudder)
      ○ Rate-limit $here - sure it’ll be hashed to the same bundle members at $nexthop?
  • 15. Results - Thu 13 Oct
    Latency across one leg of default route, versus throughput on same
    Noticeable to customers… not great. But very impressive throughput!
  • 16. Issues - Mark 2
    ● Cheap switches are cheap for a reason
    ● Doesn’t solve distance and fibre issues
      ○ Want to run in excess of 10G at distances of >10km? Get ready for a lot of zeroes
      ○ Fibre capacity on inter-site links (install & recurrent costs)
      ○ Or use DWDM (skills & training, tools, monitoring) - we do this
    ● Question mark over dual-use systems - is it appropriate to attach to DMZ
      ○ Can you do a Windows domain login from a DMZ?
    ● Our implementation requires HEP team to split transfer nodes across two subnets, to make use of both inbound paths
    ● Security policy - speak to your IT Security team first!
  • 17. Thoughts
    ● We are considering making Science DMZ a core part of network architecture
      ○ 100G still not cost-effective for widespread campus deployment - particularly if you are geographically distributed
      ○ Build parallel cheap/fast DMZ network, hook together at JANET & datacentre?
      ○ Present DMZ where needed (distance & fibre issues though…)
    ● Considerations
      ○ Equipment in normal office/lab locations e.g. high-throughput gene sequencers
      ○ Separate switches in wiring closets - have to manage patching, labelling, training
      ○ Spurious requests - people think they can drive 10gig and cannot
    ● Only applicable for mature research efforts with good tooling, IMO
      ○ Took GridPP community many years to be able to drive these speeds
  • 18. Recommendations
    ● Speak to researchers!
    ● Consider appropriate cost/benefit of implementation
      ○ Cheap vs. high-end routers
      ○ Fixed versus expandable
    ● How will you scale, monitor, manage
      ○ Counters, API, routing/switching capability
    ● Consider your upstream capacity
  • 19. LHCONE - if we have time
    ● Overlay L3VPN - used to steer HEP traffic down separate links
      ○ Funding reasons
    ● Imperial already do L3VPN internally for network segmentation
      ○ JANET presented LHCONE as 802.1q-tagged subint & BGP peering, into L3VPN on core
      ○ Core presents as 2x “peerings” (internet & LHCONE) to Science DMZ router
      ○ DMZ router follows routing table (401 IPv4 & 146 IPv6 BGP routes)
    ● Basically works
      ○ Very impressive throughput
    ● Reservations internally about ultimate scalability of this model
      ○ If we had a multi-researcher Science DMZ - how would that work?
      ○ Policy routing? Shoot me now please...
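
An added example, not taken from the slides: a first-match filter with no per-flow state, illustrating what slide 10's "simple stateless ACLs" check compared with the stateful inspection listed on slide 9. The subnet, peer address and port numbers are constructed placeholders, not Imperial's configuration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

SYN, RST, ACK = 0x02, 0x04, 0x10   # TCP flag bits

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    dport: int = 0
    flags: int = 0      # TCP flags byte; 0 for non-TCP

@dataclass(frozen=True)
class Rule:
    action: str         # "permit" or "deny"
    proto: str          # "tcp", "udp", "icmp", or "ip" for any
    src: str            # CIDR
    dst: str            # CIDR
    dports: Optional[Tuple[int, int]] = None   # inclusive range, None = any
    established: bool = False                  # require ACK or RST set

    def matches(self, p: Packet) -> bool:
        if self.proto not in ("ip", p.proto):
            return False
        if ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.dports and not self.dports[0] <= p.dport <= self.dports[1]:
            return False
        if self.established and not (p.proto == "tcp" and p.flags & (ACK | RST)):
            return False
        return True

def evaluate(rules, pkt):
    """First match wins; anything unmatched is denied. No per-flow state is kept."""
    for r in rules:
        if r.matches(pkt):
            return r.action
    return "deny"

# Constructed policy: subnet and ports are placeholders, not Imperial's.
DTN = "192.0.2.0/24"
ANY = "0.0.0.0/0"
INBOUND = [
    Rule("permit", "tcp", ANY, DTN, dports=(2811, 2811)),     # transfer control
    Rule("permit", "tcp", ANY, DTN, dports=(20000, 25000)),   # transfer data
    Rule("permit", "tcp", ANY, DTN, established=True),        # replies to outbound
    Rule("permit", "icmp", ANY, DTN),                         # PMTUD, ping
    Rule("deny", "ip", ANY, ANY),
]

def demo():
    peer, node = "198.51.100.7", "192.0.2.10"
    return {
        "new transfer": evaluate(INBOUND, Packet(peer, node, "tcp", 2811, SYN)),
        "new ssh": evaluate(INBOUND, Packet(peer, node, "tcp", 22, SYN)),
        "reply to outbound": evaluate(INBOUND, Packet(peer, node, "tcp", 40000, SYN | ACK)),
        # No state: an ACK with no matching connection also passes, so the
        # host's own TCP stack and host firewall must reject it.
        "unsolicited ack": evaluate(INBOUND, Packet(peer, node, "tcp", 22, ACK)),
        "udp": evaluate(INBOUND, Packet(peer, node, "udp", 53)),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:18} {verdict}")
```

Each packet is judged on its header alone, which is why such a filter runs at line rate on cheap switches, and also why host-level controls on the transfer nodes remain the inner tier.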