Network Testing and Performance Using SeRIF Charles J. Antonelli David Richter Olga Kornievskaia Nathan Gallaher Center for Information Technology Integration.

Presentation transcript:

Network Testing and Performance Using SeRIF
Charles J. Antonelli, David Richter, Olga Kornievskaia, Nathan Gallaher
Center for Information Technology Integration, University of Michigan
Work supported by U-M ITCom

SeRIF
SeRIF: Secure Remote Invocation Framework
Purpose: provide a secure and extensible remote process invocation service, with strong authentication and flexible authorization
Based on Globus, GARA
Adds fine-grained authorization
– Walden

SeRIF
Central portal host
– Authentication
– Control (invocation, parameters, results)
– Databases (LDAP)
Dedicated remote nodes
– Gatekeeper
– Local scheduler for execution and cleanup
– Provides status and output redirection
– Fine-grained authorization at resource

NTAP
NTAP: Network Testing and Performance
Purpose: provide a secure and extensible network testing and performance tool invocation service at U-M
Uses SeRIF framework
Runs on portal host and Performance Measurement Platforms (PMPs) attached to routers in a VLAN environment

MGRID Architecture
[Architecture diagram. Labels: mod ssl, mod kx509, mod kct, Apache, Tomcat, KCT, GateKeeper, Resource, Grid Resource, KCA, kx509, kinit, User Workstation, KDC, Kerberos V5, SSL – Client Certificate required, GSI, Kerberos, SASL, MGRID Portal, Authorization, Resource Mng, WALDEN Authorization, libpkcs11, Browser, mod php, mod jk, CHEF, LDAP, NW Topology, Output]

NTAP Architecture
[Architecture diagram. Labels: Web Portal, Host A, Router 1, Router 2, Router 3, Host B, PMP 1, PMP 2, PMP 3, GSI, Attribute Callout, AFS PTS, Flat File, Walden]

NTAP I
Bandwidth reservation tool:
– Securely modifies network switch configurations to provide differentiated services
– Based on GARA extension “General-purpose Architecture for Reservation and Allocation”
    Layered on Globus
    Includes scheduler for future reservations
– Implements modular, fine-grained, role-based authorization
    Added signed group membership(s) to reservation data
    Keynote policy engine / AFS PTS group service

NTAP II
Added authorization plug-in
– PERMIS policy engine / LDAP group service
Generalized from bandwidth reservations to the ability to securely run arbitrary programs at a Grid service endpoint
– Designed to add functionality easily
– Network testing tools supported
    iperf, traceroute, ping, etc.
Implemented automatic path discovery

Segment Mapping
Strategy
– Use traceroute to obtain packet routing path
– Use network topology database to map each router to its associated PMP
– Execute pairwise performance tests along path
Multi-homed PMP support
– One routing table per VLAN
– Routing policy selects routing table based on source address of outgoing packet
– Emulates a default route per virtual interface
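
The segment-mapping strategy above, worked through as an added example (not code from the presentation or from NTAP): it parses `traceroute -n` output, maps each router to its PMP, and lists the pairwise tests while reporting hops that have no PMP. The `TOPOLOGY` dict is a hypothetical stand-in for the network topology database, and all addresses and PMP names are constructed.

```python
import re

# Constructed `traceroute -n` output (documentation addresses, not real data).
SAMPLE_TRACEROUTE = """\
traceroute to 192.0.2.50 (192.0.2.50), 30 hops max, 60 byte packets
 1  198.51.100.1  0.412 ms  0.380 ms  0.377 ms
 2  198.51.100.9  1.102 ms  1.050 ms  1.043 ms
 3  * * *
 4  203.0.113.1  2.310 ms  2.298 ms  2.305 ms
 5  192.0.2.50  2.900 ms  2.850 ms  2.870 ms
"""

# Hypothetical stand-in for the network topology database: router -> PMP.
TOPOLOGY = {
    "198.51.100.1": "pmp1",
    "198.51.100.9": "pmp2",
    "203.0.113.1": "pmp3",
}

HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+)")  # hop number, then address or '*'

def parse_hops(text):
    """Return [(ttl, ip_or_None)]; a hop that never answered ('*') gives None."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:  # the 'traceroute to ...' header does not start with a number
            addr = m.group(2)
            hops.append((int(m.group(1)), None if addr == "*" else addr))
    return hops

def map_path_to_pmps(hops, topology):
    """Map routers on the path to PMPs in path order; also return unmapped hops."""
    pmps, gaps = [], []
    for ttl, addr in hops:
        pmp = topology.get(addr) if addr else None
        if pmp is None:
            gaps.append((ttl, addr))  # silent hop, or address not in the database
        elif not pmps or pmps[-1] != pmp:  # adjacent routers may share one PMP
            pmps.append(pmp)
    return pmps, gaps

def plan(text, topology=TOPOLOGY):
    """Return (pairwise PMP tests along the path, hops with no PMP)."""
    pmps, gaps = map_path_to_pmps(parse_hops(text), topology)
    return list(zip(pmps, pmps[1:])), gaps

if __name__ == "__main__":
    print(plan(SAMPLE_TRACEROUTE))
```

The gap list makes an untested stretch of the path visible: here hop 3 never answered and hop 5 is the destination host, which has no entry in the topology data.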

Segment Mapping
Search types (Anchors)
– Host
– Router
– Router, no path discovery
– PMP
– PMP, no LDAP search

Segment Mapping
Testing Modes
– Simple
    Uses default VLANs only
    Fallback mode
– Source
    One-way QoS modeling, best for asymmetric applications, accurate for multi-hop
– Full
    Two-way QoS modeling, but not useful for multi-hop

Production Hardening
Stable, robust product suitable for continuous operation
– Error handling/recovery
– Cleanup/restart
– Log file management
– Deployment packaging
– Deployment verifier
– Documentation

Output Database
Test program outputs captured
Stored in LDAP database
Database display tool
– Output hop-by-hop matrix display
– Color-coded test history
– Click through cells for detailed views
    Links to most recent tests
– Config file for rapid prototyping

NTAP III
Deployment
– PMPs deployed at ITCom, Merit, Internet2
Added authorization plug-in
– PERMIS policy engine / LDAP group service
10 Gbps PMPs
Host Endpoint Testing
Automated Testing
Profile-based interface

Walden
Fine-grained authorization at gatekeeper
Uses XACML policy file
– Resource, Action, Subject attributes

Automated Testing
Want repetitive, automated testing
– … but with secure authentication and authorization
Solution: renewable credentials
– User obtains Globus credentials
– Portal schedules repetitive testing
– Prior to test cycle, portal derives single-use credential from user credential
– Rest of NTAP architecture unchanged

Host Endpoint Testing
First mile problem
– Leverages Network Diagnostic Tester
    Uses JavaWebStart to run signed apps on client
– Client downloads NDT app
    Multi-step process
    User clicks two links
– Client identifies first-hop router and attached PMP running NDT server
– Client runs NDT test and displays results as usual
– NDT server sends results to NTAP database
[Diagram. Labels: Router 1, Host A]

Profile-based Interface
Database of test paths and test requests
– Segment mapped or user-specified
– Captures common test configurations
    Available as library of standard configurations
– Select test profile
– Attach one or more test profiles
– Run test and record results
Leverages test expertise
Authorized access contemplated

MGRID NTAP Project Demonstration

Future Work
Post-processed statistics, graphs
Cross-domain testing
Alternatives to topology database
Automated tools
– Tune TCP stack
– Detect duplex mismatches
Graph the topology database

Any Questions?