ESA UNCLASSIFIED – For Official Use High Speed Network and Security For Copernicus Communities Case Study ESA EOP-G Network & Security Team Francesco Nisi,

Presentation transcript:

ESA UNCLASSIFIED – For Official Use
High Speed Network and Security for Copernicus Communities: Case Study
ESA EOP-G Network & Security Team, Francesco Nisi, RHEA System SA
TNC-15, Porto (Portugal), 17/06/2015

Copernicus Programme
- Copernicus (formerly known as GMES) is a European space flagship programme led by the European Union
- Provides the necessary data for operational monitoring of the environment and for civil security, generated (several TB/day) by a fleet of satellites called Sentinels, equipped with new-generation instruments
- Users shall have free, full and open access to Copernicus dedicated Sentinel data and Copernicus service information
- ESA coordinates the Space Component
(Diagram: In-Situ Component, Services Component, Space Component)

Copernicus Ground Segment: Circulation and Dissemination Network
(Diagram: Circulation Network; Dissemination Network; "Internet"; Other services; Mirror Sites; General Public; Firewall & CPE; tailored access for specific user communities)

Copernicus Network & Security Services: Procurement and Deployment Milestones
- The Network & Security services implement the Circulation and Dissemination networks
- Open tender according to ESA procurement regulations, issued in June 2012
- Contract awarded to a commercial provider and kicked off in February 2013
- The five Sentinel-1 facilities ready in pre-operation in September 2013
- Nominal operations started in December; network completed with the S2 and S3 facilities and the Central Dissemination facility
The Challenges
- Provide a high speed (10G) WAN between the facilities located in mainland Europe and with the remote receiving stations
- Provide a high capacity (10G+) and scalable solution to disseminate huge amounts of data to user communities
- Ensure security while opening the network to multiple communities at the same time

Copernicus Ground Segment
- 3 Core Ground Stations
- 5 Processing & Archiving Centres
- Mission Performance Centres
- PDMC Centres
- Marine Centre
- EDRS Receiving Station (2015)
- Virtual Archives & Processing
- Distributed over 11+ facilities

Agenda (next: The Copernicus WAN Solution)
- Copernicus Ground Segment
- The Copernicus WAN Solution
- Service Model
- Verification & Validation
- Conclusions

The Network & Security Services
- Centralised services design for easier management and control
- Central Service Area in two twin core data centres
- Hosts the Copernicus central services: Internet access, auxiliary services (DNS, NTP, Proxy, Mail Relay), RAS and Pick-Up Point (storage and data dissemination)
- Local services: Firewall/IDPS + local LAN
- Connected via the Intranet Service

WAN Intranet Service: The DWDM Backbone
- 10G DWDM backbone
- IP/MPLS connectivity, 3 VRFs
- Both links active and carrying traffic in nominal conditions
- 9K MTU end-to-end

Internet Access Service
- Redundant 10 Gbps connection to the DTAG backbone, Autonomous System 3320, with peering agreements on a global scale
- Scalable by adding additional 10G links
- Security enforcement
- Connected with GEANT via a third AS with multiple connections
- Serves the Core Users community accessing the local DMZs
- Dedicated GEANT connectivity via DFN (planned)

Pick-Up Point Service: A Central Virtual Archive Service
- Storage area connected at 10 Gbps to the Internet backbone
- Rolling archive for 12 months of Sentinels products
- Ready for 10+ Petabytes of storage (3 PB by 2015)
- Maximum performance thanks to reduced network latency
- Based on virtualised infrastructure
- Available for the scientific community and the general public
- Connectivity to the academic user community via GEANT (planned)

Security Services: The Defence Perimeter
(Diagram: DDoS Ctrl; FWs + IDPS; Ctrl Services; Loc. FW+IDPS; End Systems)
- Redundant central firewalls to enforce the EU/ESA security policies
- Redundant DDoS self-learning detection and mitigation
- IDS/IPS detection and blocking
- Central events correlation service
- Redundant proxies
- Peripheral firewalls with local IPS/IDS
- ACLs and iptables
- SIEM solution

Security Services: Security Policy Enforcement
ESA Earth Observation Security Policy Enforcement
- Only authorised and documented data flows traverse the local and central firewalls
- PDGS systems are published on the Internet only after a successful Security Plan process
- Proxy and Mail Relay accessible by authenticated clients only
- Proxy URL filtering based on a white list allowing only business-related destinations
- Continuous process for monitoring and fine tuning of the DDoS, IDPS and firewall configuration
- Continuous update and patching process
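The "only authorised and documented data flows" rule is verifiable: every permit rule on a local or central firewall should be justified by an entry in the data-flow register. The following is an added example, not code from the presentation or from ESA; the register and rule formats, addresses and ports are constructed for illustration.

```python
# Added example (not from the ESA presentation): audit firewall permit rules against the
# documented data-flow register. Formats, addresses and ports are constructed/hypothetical.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Flow:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str
    port: Optional[int]   # None means "any port"

def parse_flow(line: str) -> Flow:
    """Parse one 'src dst proto port' line; 'any' as port matches every port."""
    src, dst, proto, port = line.split()
    return Flow(ipaddress.ip_network(src, strict=False),
                ipaddress.ip_network(dst, strict=False),
                proto.lower(), None if port == "any" else int(port))

def covered_by(rule: Flow, documented: Flow) -> bool:
    """A rule is authorised only if everything it permits lies inside one documented flow."""
    return (rule.src.subnet_of(documented.src)
            and rule.dst.subnet_of(documented.dst)
            and rule.proto == documented.proto
            and (documented.port is None or rule.port == documented.port))

def audit(register_lines: List[str], rule_lines: List[str]) -> List[str]:
    """Return the permit rules that no documented flow justifies (candidates for removal)."""
    register = [parse_flow(l) for l in register_lines if l.strip() and not l.startswith("#")]
    return [l for l in rule_lines if not any(covered_by(parse_flow(l), f) for f in register)]

# Constructed register: a hypothetical PDGS subnet, an NTP server and a public pick-up point.
REGISTER = """
# src             dst              proto port
10.10.0.0/16      10.20.5.0/24     tcp   443
10.10.0.0/16      10.20.9.10/32    udp   123
0.0.0.0/0         192.0.2.10/32    tcp   443
""".splitlines()
# Constructed permit rules as exported from a local firewall (same simplified format).
RULES = [
    "10.10.3.0/24 10.20.5.7/32 tcp 443",    # documented HTTPS flow
    "10.10.0.0/16 10.20.9.10/32 udp 123",   # documented NTP flow
    "10.10.3.0/24 10.20.5.7/32 tcp 22",     # SSH: not in the register
    "0.0.0.0/0 192.0.2.10/32 tcp 21",       # FTP to the public server: not in the register
]

if __name__ == "__main__":
    for finding in audit(REGISTER, RULES):
        print("undocumented flow permitted:", finding)
```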

Agenda (next: Service Model)
- Introduction
- The Copernicus WAN Solution
- Verification & Validation
- Conclusions

Service Model
Service Level Agreement
- Service coverage for all the services: 24/7
- Target availability for the connectivity services: 99.95%
- Maximum Time To Repair for blocking/critical incidents: 4/8 hours
- Change implementation time: 8 hours
- Penalty scheme associated with each service level target
One provider for all the services
- Single contact point for all the services, available 24/7
- Network Operations Center (NOC)
- Security Operations Center (SOC)

Agenda (next: Verification & Validation)
- Introduction
- The Copernicus WAN Solution
- Service Model
- Network Operations
- Conclusions

Verification & Validation Approach
V&V Approach
- LAB test for design validation
- Verification of each service element during the deployment phase
- Validation during the Service Acceptance Testing
Areas
- Functional tests to verify the configuration of each element and its integration in the monitoring & control tools and other PDGS elements
- Performance tests: line capacity and line quality (packet loss, jitter, latency); TCP throughputs; auxiliary services performance baseline (e.g. DNS, NTP, Proxy)
- Redundancy: extensive test campaign performed to verify the redundancy and failover behaviour of each solution element
- Security: penetration and DDoS tests (external specialised company)

Intranet Service (1/2): Test Results Highlights
- Tools based on IXIA technology with multiple 10 Gbps TCP/UDP traffic generators
- Lines are clean and enable applications/OS to use a large TCP window
- RTDs in line with the values expected from the distances; some room for improvement
- Failover behaviour as by design

Intranet Service (2/2): Test Results Highlights
Findings:
- The file size has a big impact on the throughput
- Noticeable improvement derived from fine tuning of the TCP configuration parameters
- Some TCP parameters (i.e. the congestion avoidance algorithm) are effective only in specific scenarios -> customisation per project is necessary
Table: TCP throughput (KB/s) by file size (20 MB and three larger sizes, the last in the GB range) for the Cubic, HTCP and Hybla congestion avoidance algorithms, with a 16 MB and with a 2 MB buffer size (the measured values are not preserved in this transcript).

Internet Service: Test Results Highlights (will be expanded)
- Test campaign to assess the performance achievable via the commercial Internet for different user communities
- Good performance, with peaks up to nearly 900 Mbps for European users with 45 ms RTD, TCP stack and server optimisation and high speed local Internet access
- Performance strongly depends on the fine tuning of the remote user systems and on the application used for the download
Table (columns: user, AS path, RTD [ms], iperf tests [Mbps], FTP downloads [Mbps], remark; the measured values are not preserved in this transcript):
- University of Tokyo, Japan: AS2501/AS2907/AS701/AS
- University of Leeds, UK: AS786/AS1299/AS; not conducted; using FTP / using WGET
- STFC Chilton, UK: AS786/AS1299/AS; average values / peak value
- University of Miami, USA: AS451/AS209/AS; not conducted
- IREA-CNR Naples, Italy: AS137/AS3356/AS; local WAN limit of 100 Mbit/s
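The buffer-size and file-size findings of the Intranet tests and the remark above that Internet throughput depends on the remote user's tuning both follow from the same mechanics: the send/receive window bounds throughput per round trip, and slow start means a short file ends before the window is even reached. The following is an added illustration, not code or measurements from the presentation; it assumes a loss-free path, 9K MTU (MSS 8960 bytes), an initial congestion window of 10 segments, and constructed RTTs and sizes.

```python
# Added example (not from the ESA presentation): idealised model of how the TCP window and
# the file size limit throughput. Assumes no loss, MSS 8960 (9K MTU), initial cwnd of
# 10 segments; the 45 ms RTT and the file/window sizes are constructed inputs.

def bdp_bytes(rate_bps: float, rtt_s: float) -> float:
    """Bandwidth-delay product: the window needed to keep a path of this rate and RTT full."""
    return rate_bps * rtt_s / 8

def max_throughput_bps(window_bytes: int, rtt_s: float) -> float:
    """Upper bound on throughput when the sender is limited by the send/receive window."""
    return window_bytes * 8 / rtt_s

def slow_start_rtts(file_bytes: int, window_bytes: int, mss: int = 8960, init_cwnd: int = 10) -> int:
    """Round trips to deliver a file when cwnd doubles each RTT until capped by the window."""
    cwnd, sent, rtts = init_cwnd * mss, 0, 0
    while sent < file_bytes:
        sent += min(cwnd, window_bytes)
        rtts += 1
        cwnd = min(cwnd * 2, window_bytes)
    return rtts

def effective_throughput_bps(file_bytes: int, rtt_s: float, window_bytes: int) -> float:
    """Throughput the transfer actually achieves, including the slow-start ramp-up."""
    return file_bytes * 8 / (slow_start_rtts(file_bytes, window_bytes) * rtt_s)

if __name__ == "__main__":
    rtt = 0.045                     # ~45 ms, the European RTD quoted on the slide
    print(f"window needed for 10 Gbps at 45 ms: {bdp_bytes(10e9, rtt) / 2**20:.1f} MiB")
    for window in (16 * 2**20, 2 * 2**20):
        for size in (20 * 2**20, 2**30):
            mbps = effective_throughput_bps(size, rtt, window) / 1e6
            print(f"window {window >> 20:2d} MiB, file {size >> 20:5d} MiB: {mbps:7.0f} Mbps")
```

With these inputs a 2 MiB window caps a 45 ms path at roughly 373 Mbps regardless of file size, while the 16 MiB window lets a 1 GiB file reach several Gbps but leaves a 20 MiB file well below that because most of its round trips are spent in slow start.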

Agenda (next: Conclusions)
- Introduction
- The Copernicus WAN Solution
- Service Model
- Verification & Validation
- Conclusions

Conclusions
- The use of DWDM technologies to build a 10G-capable network backbone between the Copernicus sites ensures the needed network capacity and stability
- Performance tests confirm the importance of fine tuning the end systems to get the highest achievable performance
- The current Internet access, based on multiple 10G nodes via a commercial provider, ensures the needed capacity for data dissemination to the general public and all scientific communities
What next:
- Increase the dissemination capabilities in order to serve the additional user communities that will access the new Sentinels data portals
- Deploy a dedicated 10 Gbps connection between the Copernicus and GEANT networks to improve the access capacity for scientific communities connected to the academic networks
- Build and integrate a performance monitoring solution

Important Dates:
- Deadline for abstract submission: 16 October 2015
- Notification of acceptances: end January 2016
- Issue of preliminary programme: February 2016
- Opening of registration to the symposium: February 2016
- Release of the final programme: at the symposium
- Submission of full papers: at the symposium
Themes: Atmosphere, Oceanography, Cryosphere, Land, Hazards, Climate and Meteorology, Solid Earth/Geodesy, Near-Earth Environment, Methodologies and Products, Open Science
PRAGUE, MAY 2016
Main objective: presentation of exploitation results based on ESA Earth Observation measurements