January 15, 2013, 2:40 PM - 3:00 PM
Hawaii (GMT - 10)
Location: Keoni
  Sam Russell
    Session Abstract

    Campus infrastructures designed to support backend office systems and implementing strict firewall policies at the border are often incompatible with researchers' needs to regularly move large files. ESnet's "Science DMZ" architecture moves data-transfer nodes outside the firewall, solving part of the high-speed data transfer problem, but reintroducing security problems that were "solved" by the firewall. Numerous approaches attempt to address these issues, from hardening the servers within the Science DMZ, to using short-term virtual circuits such as OSCARS (but only if these are supported by the network provider).

    This talk will cover a Thimble: an OpenFlow-enabled device at the edge of a Science DMZ, with a clean web interface that lets researchers poke small holes into the Science DMZ as they need them. This provides many of the security benefits of virtual circuits without requiring support from the WAN. The end result markedly reduces the attack surface, while allowing data-intensive science to enjoy maximum use of the network infrastructure.

    The talk will cover:

    - how to build a Thimble in a few hours, using the POX OpenFlow controller and Django, the open source web framework
    - lessons learned from designing Thimble
    - areas for further development, such as integration with Shibboleth and OSCARS, and network-aware applications that can benefit from network-wide OpenFlow deployment
    - how to apply Thimble in other research networks to support data-intensive science across the Pacific
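The "small holes" idea in the abstract can be modelled as a default-deny table of exact-match, time-limited allow entries. The sketch below is an added example, not Thimble's code: the class and function names, the DMZ prefix, the lifetime cap, the TCP-only restriction and the sample addresses are all assumptions, and the flow description is a plain dictionary using OpenFlow 1.0 match field names rather than a POX API call.

```python
import ipaddress
from dataclasses import dataclass

# Assumed policy values (not from the talk); addresses are documentation ranges.
DMZ_NET = ipaddress.ip_network("192.0.2.0/28")   # hypothetical data-transfer node subnet
MAX_LIFETIME_S = 4 * 3600                        # hypothetical cap on how long a hole lives

@dataclass(frozen=True)
class Pinhole:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dst_port: int
    expires_at: float

class PinholeTable:
    """Default-deny edge policy: only unexpired, exact-match holes pass."""
    def __init__(self):
        self.holes = []

    def open(self, src, dst, dst_port, lifetime_s, now):
        # IPv4Address() raises ValueError for prefixes, so a hole is always
        # one remote host to one node, never a whole network.
        src_ip, dst_ip = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
        if dst_ip not in DMZ_NET:
            raise ValueError("destination is not inside the Science DMZ")
        if not 1 <= dst_port <= 65535:
            raise ValueError("port out of range")
        if not 0 < lifetime_s <= MAX_LIFETIME_S:
            raise ValueError("lifetime must be positive and within the cap")
        hole = Pinhole(src_ip, dst_ip, dst_port, now + lifetime_s)
        self.holes.append(hole)
        return hole

    def allows(self, src, dst, dst_port, now):
        # Drop expired holes first, then require an exact match on all fields.
        self.holes = [h for h in self.holes if h.expires_at > now]
        key = (ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst), dst_port)
        return any((h.src, h.dst, h.dst_port) == key for h in self.holes)

def to_flow(hole, now):
    """Describe the hole as an OpenFlow 1.0 style match plus hard timeout,
    so the switch removes the entry itself even if the controller is down."""
    return {
        "match": {"dl_type": 0x0800, "nw_proto": 6, "nw_src": str(hole.src),
                  "nw_dst": str(hole.dst), "tp_dst": hole.dst_port},
        "hard_timeout": int(hole.expires_at - now),
        "action": "forward",
    }
```

Traffic that matches no entry is dropped, so the exposed surface at any moment is exactly the set of live holes.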

