MGRID: Network Testing and Performance Charles J. Antonelli Center for Information Technology Integration University of Michigan.

Presentation transcript:

MGRID: Network Testing and Performance Charles J. Antonelli Center for Information Technology Integration University of Michigan

MGRID NTAP Project
NTAP: Network Testing and Performance
Purpose: provide a secure and extensible network testing and performance tool invocation service at U-M
– Service based on Globus
– Runs on dedicated nodes attached to routers in a VLAN environment

MGRID Architecture
[Diagram. Labels: mod_ssl, mod_kx509, mod_kct, mod_jk, mod_php, CHEF, Apache, Tomcat, KCT, GateKeeper, Resource, Grid Resource, KCA, kx509, kinit, User Workstation, Browser, libpkcs11, KDC, Kerberos V5, LDAP, MGRID Portal, Authorization, Resource Mng, SSL (client certificate required), GSI, Kerberos, SASL.]

MGRID NTAP Project
Initial work implemented a bandwidth reservation tool:
– Securely modifies network switch configurations to provide differentiated services
– Based on GARA, the “General-purpose Architecture for Reservation and Allocation”
  Layered on Globus
  Implements role-based authorization
  Includes scheduler for future reservations

MGRID NTAP Project
Added modular, fine-grained authorization
– Added signed group membership(s) to reservation data
– Now provides two authorization methods:
  Keynote policy engine / AFS PTS group service
  PERMIS policy engine / LDAP group service
Generalized from bandwidth reservations to the ability to securely run arbitrary programs at a Grid service endpoint
– Designed to easily add functionality
– Network testing tools being used now: Iperf, traceroute, ping, owamp, etc.

MGRID NTAP Architecture
[Diagram. Labels: Web Portal; Router 1, Router 2, Router 3; Host A, Host B; PMP 1, PMP 2, PMP 3; GSI Attribute Callout; AFS PTS, PERMIS, Flat File.]

MGRID NTAP Project
Multihomed PMP support
– One routing table per VLAN
– Routing policy selects routing table based on source address of outgoing packet
– Emulates a default route per virtual interface
Path discovery
– Use traceroute to obtain routing information
– Use network topology databases to map network segments to PMP pairs

MGRID NTAP Project
PERMIS authorization
– User, Target, Action
– Attribute, policy certificates
– Policy engine
Production hardening
– Error handling/recovery
– Cleanup/restart
– Log file management
– Deployment packaging

MGRID NTAP Project
Performance measurement
– Deployment to ITCom lab
Output Database
– Permanent, secure storage of results
– Searches and aggregations
– Throughput/latency matrix
Host Endpoint Testing
– The “last mile” segment
– Secure download of signed binaries

MGRID NTAP Project
Demonstration
[Diagram. Labels: R1, R2, Host A, Host B, PMP 1, PMP.]

MGRID NTAP Project
Performance test, step 1
– locate the first PMP, the performance machine “nearest” to the tester

MGRID NTAP Project
Performance test, step 2
– discover network path (i.e. routers)

MGRID NTAP Project
Performance test, steps 3, 4, …, n
– run pairwise tests between “adjacent” PMPs
  ideally, this will capture hop-by-hop network data
  sometimes there are network “holes”
– lastly, timestamp and store the output for post-processing (generate graphs, check for empirical anomalies, etc.)
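An added example, not taken from the presentation, of path discovery and the pairwise planning in steps 2 through n: it parses traceroute output, maps routers to PMPs through a topology table, and pairs adjacent PMPs, recording hops with no PMP between them as “holes”. The traceroute text, addresses, PMP names and table layout are constructed assumptions.

```python
import re

# Constructed sample: traceroute from Host A to Host B (documentation addresses).
TRACEROUTE = """\
traceroute to 198.51.100.20 (198.51.100.20), 30 hops max, 60 byte packets
 1  192.0.2.1 (192.0.2.1)  0.412 ms  0.398 ms  0.377 ms
 2  * * *
 3  192.0.2.65 (192.0.2.65)  1.102 ms  1.087 ms  1.120 ms
 4  203.0.113.9 (203.0.113.9)  1.934 ms  1.901 ms  1.888 ms
 5  198.51.100.1 (198.51.100.1)  2.410 ms  2.395 ms  2.380 ms
 6  198.51.100.20 (198.51.100.20)  2.650 ms  2.630 ms  2.611 ms
"""

# Hypothetical topology database: router interface address -> attached PMP.
TOPOLOGY = {
    "192.0.2.1": "pmp1",
    "192.0.2.65": "pmp2",
    "198.51.100.1": "pmp3",
}

HOP = re.compile(r"^\s*(\d+)\s+(?:\S+\s+\((\d+\.\d+\.\d+\.\d+)\)|\*)")

def parse_hops(text):
    """Return [(ttl, address or None)]; None marks a hop that did not answer."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if m:
            hops.append((int(m.group(1)), m.group(2)))
    return hops

def plan_tests(hops, topology, dest):
    """Pair adjacent PMPs along the path; TTLs with no PMP between them are holes."""
    plan, prev, gap = [], None, []
    for ttl, addr in hops:
        if addr == dest:              # the end host, not a router
            break
        pmp = topology.get(addr)
        if pmp is None:               # silent hop, or a router with no PMP attached
            gap.append(ttl)
        elif prev is None or pmp == prev:
            prev, gap = pmp, []       # first PMP found, or same PMP seen again
        else:
            plan.append((prev, pmp, gap))
            prev, gap = pmp, []
    return plan

if __name__ == "__main__":
    for src, dst, holes in plan_tests(parse_hops(TRACEROUTE), TOPOLOGY, "198.51.100.20"):
        print(f"test {src} -> {dst}; hops without a PMP: {holes or 'none'}")
```

A pair with a non-empty hole list spans more than one router, so its result covers several hops rather than a single one.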

Any Questions?