19th APAN meetings in Bangkok, TH Exploring eScience Session 3: Facility Instruments More details about UCLP v1.0 and UCLP Roadmap (V2.0) Hervé Guy

Presentation transcript:

19th APAN meetings in Bangkok, TH Exploring eScience Session 3: Facility Instruments More details about UCLP v1.0 and UCLP Roadmap (V2.0) Hervé Guy Thursday :00-12:30 Place: Room B, i.e. Watergate Ballroom, 6th Floor Section B

Table of Contents >UCLP v1.0 – History – Deployments on UCLP lab. – Deployments on UCLP lab. and CA*net 4 – Definitions – University of Waterloo’s UCLP v1.4. – University of Ottawa/CRC’s UCLP v1.2 & – Université du Québec à Montréal or UQAM’s UCLP v 1.3. >UCLP v2.0 – Roadmap

History - UCLP v1.0 CANARIE's Directed Research Program >Co-funded by Cisco Canada and CANARIE ( >Held in >10 proposals submitted >3 selected University of Waterloo ( University of Ottawa - Communications Research Centre (CRC) ( Carleton University ( >+ 1 bonus Université du Québec à Montréal (UQAM) (

UCLP deployment on lab. ( >UCLP deployed: – University of Waterloo v1.4 ( – University of Ottawa - Communications Research Centre (CRC) v1.2 (federation canarielab: V1.3+ is in tests now. – Université du Québec à Montréal (UQAM) v1.3 (in tests now). >Advantage! You can log in as an administrative or normal user. >Direct Telnet access to the Network Elements (NEs) or via the TL1 LightPath Proxy 1.4. >Only registered source IP addresses will be permitted to connect to the lab. Requests are to be sent to >Registered UCLP lab users (

Deployment on UCLP lab. Architecture

Deployment on UCLP lab. How to access it?

UCLP deployment on CA*net 4 ( >For ease of management of lightpath on CA*net 4, a user must comply with CANARIE's Lightpath Allocation Policy and must fill out CANARIE's Lightpath Request Form. >Only registered source IP addresses will be permitted to connect to the lab. Requests are to be sent to >UCLP deployed: – University of Waterloo v1.4: – University of Ottawa - Communications Research Centre (CRC) v1.2 Federation c4west: Federation c4 central: Federation c4east: – University of Ottawa - Communications Research Centre (CRC) v1.3+ Federation 3rdwhttp:// :8080/uclpclient.jnlp; – Université du Québec à Montréal (UQAM) v1.3. >Log in as a normal user. C4NOC are administrative users.

UCLP deployment on CA*net 4 How to access it?

UCLP deployment on CA*net 4 LightPath allocations

UCLP Documentations > > uclp/...

UCLP v1.0 Lightpath Definition >According to “User controlled Lightpath Definition Document ( definition.ppt)”, created by Bill St. Arnaud in December 2002: – Any uni- or bi-directional point to point connection with effective guaranteed bandwidth – Examples of LightPaths: STS channel on a SONET or SDH circuit Etc.

UCLP v1.0 - Lightpath Definition LightPath Object across a cloud Management Domain B Management Domain A

UCLP v1.0 - Lightpath Definition Simplest Working LightPath Object LightPath Management Domain B Management Domain A

UCLP v1.0 - Lightpath Definition Concatenated LightPath Object Management Domain B Management Domain A Management Domain C

UCLP v1.0 - Lightpath Definition Inherited LightPath Object Management Domain B Management Domain A Management Domain C

University of Waterloo’s UCLP v1.4 Documentations >University of Waterloo; School of Computer Science; >Project leader: Raouf Boutaba, Ph.D. – >University of Waterloo’s URL – >CANARIE’s URL –

University of Waterloo’s UCLP v1.4 Definitions (1/2) >A Lightpath Object (LPO) is an abstract representation of a lightpath owned and controlled by a single user. >A root LPO is created by an administrator and represents a lightpath between two physically adjacent cross-connect devices. >Only the current owner of a lightpath can execute operations on it. – Advertisement functions enable users to make their lightpath available to other users up to a specific point in time. – Lease LPO functionality involves taking ownership of an LPO, which permits a new user to execute operations on it. – Accessing an LPO refers to the process of preparing it for routing traffic. The Access function is used to cross-connect the endpoints of a lightpath to Ethernet ports.

University of Waterloo’s UCLP v1.4 Definitions (2/2) >LPO partitioning refers to the process of distributing the bandwidth of a parent lightpath into several smaller child lightpaths. >LPO concatenation refers to the process of composing multiple constituent lightpaths of common bandwidth into a single compound lightpath that has the same bandwidth but extends from the source of the first constituent to the destination of the last constituent.
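The ownership, advertisement, lease, partitioning and concatenation rules from the two definition slides above, as an added Python sketch that is not UCLP code and not from the presentation. The class and method names, the `consumed` flag, the exact-sum partition rule and the contiguity check are assumptions made for illustration.

```python
# Toy model of the UCLP v1.4 LPO rules (added illustration, not UCLP code).
from dataclasses import dataclass
from typing import List, Optional


class NotOwner(PermissionError):
    """A user other than the current owner attempted an LPO operation."""


@dataclass
class LPO:
    owner: str
    src: str
    dst: str
    bandwidth: int                            # arbitrary units (assumption)
    advertised_until: Optional[float] = None  # epoch seconds; None = not advertised
    consumed: bool = False                    # assumption: set once split or joined

    def _authorize(self, user: str) -> None:
        # Owner-only rule: every operation except lease goes through here.
        if user != self.owner:
            raise NotOwner(f"{user} is not the owner of {self.src}->{self.dst}")
        if self.consumed:
            raise ValueError("LPO was already partitioned or concatenated")

    def advertise(self, user: str, until: float) -> None:
        self._authorize(user)
        self.advertised_until = until

    def lease(self, new_user: str, now: float) -> None:
        # Leasing transfers ownership, but only while the advertisement is open.
        if self.consumed or self.advertised_until is None or now >= self.advertised_until:
            raise PermissionError("LPO is not advertised at this time")
        self.owner = new_user
        self.advertised_until = None

    def partition(self, user: str, sizes: List[int]) -> List["LPO"]:
        self._authorize(user)
        # Assumption: child bandwidths must add up exactly to the parent's.
        if any(s <= 0 for s in sizes) or sum(sizes) != self.bandwidth:
            raise ValueError("child bandwidths must be positive and sum to the parent")
        self.consumed, self.advertised_until = True, None
        return [LPO(user, self.src, self.dst, s) for s in sizes]


def concatenate(user: str, parts: List[LPO]) -> LPO:
    if not parts:
        raise ValueError("nothing to concatenate")
    for p in parts:                       # caller must own every constituent
        p._authorize(user)
    for a, b in zip(parts, parts[1:]):
        if a.bandwidth != b.bandwidth:
            raise ValueError("constituents must share a common bandwidth")
        if a.dst != b.src:                # assumption: constituents are contiguous
            raise ValueError(f"{a.dst} and {b.src} are not the same endpoint")
    for p in parts:
        p.consumed, p.advertised_until = True, None
    return LPO(user, parts[0].src, parts[-1].dst, parts[0].bandwidth)


if __name__ == "__main__":
    # Constructed scenario: admin creates two root LPOs, alice leases both.
    ab, bc = LPO("admin", "A", "B", 12), LPO("admin", "B", "C", 12)
    for lpo in (ab, bc):
        lpo.advertise("admin", until=100.0)
        lpo.lease("alice", now=10.0)
    try:
        ab.partition("admin", [6, 6])     # previous owner lost control at lease time
    except NotOwner as exc:
        print("denied:", exc)
    ab_half, bc_half = ab.partition("alice", [6, 6])[0], bc.partition("alice", [6, 6])[0]
    print(concatenate("alice", [ab_half, bc_half]))
```

The point to take from the model is that a lease is a transfer of authority: once it succeeds, the previous owner (including the administrator who created the root LPO) fails the same owner check as any other user.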

University of Waterloo’s UCLP v1.4 Architecture

UCLP Demonstrations University of Waterloo v1.4 User Access Layer (UAL) Tomcat Web Server Web Interface Request Handler SOAP HTTP Service Provisioning Layer User Access Layer

University of Waterloo’s UCLP v1.4 Service Provisioning Layer (SPL) Legend Create service Access service RMI Resource Management Layer User Access Layer Grid Application MySQL Globus Toolkit 3 Grid Hosting Environment LPO Factory Service Grid Service Interface LPO Delegate Service JBoss J2EE application server LPO Service EJB Remote LPO Service EJB Home JDBC LPO Service Implementation RMI LPO Grid Service SOAP SPL

University of Waterloo’s UCLP v1.4 Resource Management Layer (RML) Resource Agent RMI Service Provisioning Layer LPO Controller TL1, SNMP Request Controller Switch Interface LPO Controller Programmable Controller LPO Space Resource Management Layer

University of Waterloo’s UCLP v1.4 Users and Privileges

University of Waterloo’s UCLP v1.4 Users and Functionalities >System administrator – creating domain; – configuring ; >System administrator or domain administrator – cleaning agents; – adding user; – creating root LPOs accessing root LPOs partitioning created root LPOs –concatenating partitioned LPOs –accessing partitioned or concatenated LPOs –advertising partitioned or concatenated LPOs alternatively, using End-to-End LPOs process >Ordinary user – modifying user Profile – leasing advertised LPOs accessing leased LPOs partitioning or concatenating leased LPOs –accessing partitioned or concatenated LPOs –advertising partitioned or concatenated LPOs – alternatively, using End-to-End LPOs process

University of Ottawa/CRC’s UCLP v1.2 & 1.3+ Documentations >University of Ottawa – School of Information Technology and Engineering (SITE) ( – Co-project leader: Gregor v. Bochmann >Communications Research Centre – Broadband Applications and Demonstration Laboratory (BADLAB) ( b/badlab) – Co-project leader: Michel Savoie >Project URL: >CANARIE URL:

University of Ottawa/CRC’s UCLP v1.2 Definitions (1/2) >A federation is an independent management domain that has its own set of UCLP services. >The Federation Manager is one (or a cluster of) Lookup Service(s) that maintain a list of active UCLP Lookup Services. >The Grid Service Access Point (GSAP) provides two grid services for the administrators and users. >The Jini Service Access Point (JSAP) is a Jini service that acts as the access point to the other Jini services within the UCLP System. >The Lightpath Discovery and Provisioning Layer comprises the core UCLP services, including the Optical Routing module of the JSAP, the LPOS, the Lease Manager, and the Jini utility services (Jini Lookup Service, JavaSpace and Transaction Manager). >The Switch Control Layer has a number of modules used to control the switches and manage the resources on the switches.

University of Ottawa/CRC’s UCLP v1.2 Definitions (2/2) >LightPath Object (LPO) is an abstraction of one or more lightpaths with a set of attributes that represent a connection between two or more switches. >End-to-End Connection Object is an abstraction of an end-to-end connection in the UCLP System. >Resource Objects are an abstraction of the different physical resources that can be used depending on the switch hardware and technology. The subclasses of RO are: – EndPointRO, it represents an add/drop facility on a switch. IPRO, a subclass of EndPointRO, it represents a gigabit Ethernet port using IP. – PassthroughRO: it represents a resource that can be cross connected through the switch without being added or dropped, (i.e. a cross connection between two SONET ports on a switch) SONETRO: A subclass of PassthroughRO, it represents a SONET channel.

University of Ottawa/CRC’s UCLP v1.2 Architecture (1/3)

University of Ottawa/CRC’s UCLP v1.2 GSAP(GRID) & JSAP(JINI) layers

University of Ottawa/CRC’s UCLP v1.2 Service architecture

University of Ottawa/CRC’s UCLP v1.2 Example using 3 Federations

University of Ottawa/CRC’s UCLP v1.2 Users and Functionalities (1/2) >Administrative users – LPO Create Query –Delete – RO Create Query –Delete – Switch Query – User Add Query (Any User's Profile) –Modify –Delete

University of Ottawa/CRC’s UCLP v1.2 Users and Functionalities (2/2) >Normal users – E2E Connection Create Query –Sublease –Delete – User Modify (his own password only)

Université du Québec à Montréal or UQAM’s UCLP v 1.3 Documentations >Université du Québec à Montréal (UQAM); – Opticnet group (which is a part of Téléinfo Lab.) >Project leader: Omar Cherkaoui, Ph.D. – >Université du Québec à Montréal’s URLs – – >CANARIE’s URL –

UQAM’s UCLP v 1.3 Architecture

UQAM’s UCLP v 1.3 Modules (1/2) >Service Agent – UCLP access point. – Provide Lightpath operations (Search, Stop, modify, concatenate and partitioning) – Ensure E2E lightpath service provisioning – Notify users about E2E lightpath status changes. – 2 client Interfaces: GUI WSDL >InterASRegistry – The Repository of the lightpath service providers URLs (WSIL). – Provide WSDL interface. >IntraASServer – Domain lightpath service access point. – Provide operations to build intra domain lightpaths. – Provide WSDL interface.

UQAM’s UCLP v 1.3 Modules (2/2) >Policy Manager – Manages the domain policies – Ensure respecting authentication and authorization rules defined by domain administrator. – Inventory. – Policy Enforcement Tool. – Provide WSDL Interface. – Provide sub modules called topology Manager. Search routes between 2 interfaces. >LPServer – Deploy/Undeploy cross connections. – Manages used resources. – Manages LPO. >ConsoleAdmin – Enable administrators to configure UCLP Servers. – Enable administrators to manage domain resources (block STS channels, Add rules, add policies …) – 2 interfaces : GUI. WSDL

UCLP Roadmap Figures Bill St. Arnaud CANARIE Inc –

UCLP Objectives >Allow institutions to integrate wavelengths and fiber from different suppliers and integrate with institution's network management domain – And offer VPNs to users >Create discipline specific re-configurable IP networks – Multihomed network which bypasses firewalls with direct connect to servers and routers >User controlled traffic engineering – Active replacement for Sockeye and Route Science – Alternative to MPLS >Primary purpose is NOT reservation and leasing of wavelength resources >Primary purpose is NOT switched optical networks >Primary purpose is NOT end-to-end optical VPNs >Primary purpose is NOT inter-domain connection of lightpaths

Today’s hierarchical IP network University Regional National or Pan-National IP Network Other national networks NREN A NREN B NREN C NREN D

Tomorrow’s peer to peer IP network World University Regional Server World National DWDM Network NREN A NREN B NREN C NREN D Child Lightpaths Child Lightpaths

Creation of application VPNs Commodity Internet Bio-informatics Network University CERN University High Energy Physics Network eVLBI Network Dept Research Network

UCLP intended for projects like National LambdaRail CAVEwave acquires a separate wavelength between Seattle and Chicago and wants to manage it as part of its network including add/drop, routing, partition etc NLR Condominium lambda network Original CAVEwave

Extension of the network into the application Instrument Web service or software process Web service or software process Routing daemon Web service User A User B Single Computer or WS instance of an orchestration Interface Card or port VPN Links VPN extends into computer to specific processes DWDM Network xxxx:410:0:1 xxxx:410:0:2 xxxx:410:0:3 xxxx:410:0:4 xxxx:410:0:5 yyyy:410:0:1 zzzz:410:0:1 UCLP Layer 3 Routing Daemons

UCLP for LAN Campus Border Router p/q VLAN Web Service Lightpath Creation Workflow Service VLAN End user Standard Ethernet Links External Lightpath VLAN to LightPath Cross Connect Web Service

Typical Large system today Sensor Instrument Sensor Layer 2 switch Layer 3 switch/router SONET/DWDM Process SONET/DWDM DMAS Security Web Services OGSA Internet VPN USER Instrument Pod

Service Oriented Architectures Sensor Instrument Sensor Layer 2/3 switch LAN Data Management System CA*net 4 VPN USER Instrument Pod WS* WS CA*net 4 Lightpath Process WS** WS* Process WS** WS* Process WS Web service Interface *CANARIE UCLP **New web services HPC

Science user perspective Sensor/Instrument WS** LAN WS* Science Pod LAN WS* Log Archive Process 1 WS** Log Archive Process 2 WS** ONS15454 WS* NLR or CA*net 4 WS* CANARIE UCLP WS* New Web service DMAS WS** New development Lightpath WS* WS AAA process WS** User defined WSFL bindings WS HPC Process WS** USER with WSFL binding software UDDI or WSIL service registry

Features >All hardware (sensors -wireless and wired), software processes (Data processing and HPC) and network elements (ORAN, CA*net 4) expressed as WSDL web services – Web services may be instantiations of orchestrations >Hardware, software and network web services linked together by science user with BPEL – WSDL and BPEL provide for generic and open control plane >Elimination of network made up of layers – Every layer a web service that can communicate with other WS >Hence all “science” processes use network data recursive architectures – Re use and replication of same modules for software, hardware and network for each science project

Taverna Workflow graph

Coordination with Optiputer, OBS and others UCLP WS TL1 UCLP WS Optical Cloud ODIN WS UNI TL1 OBS Cloud OBS WS AAA WS GLIF UDDI Registry Super User A Orchestration Super User B Schedule & Reservation WS Topology Discovery WS The ultimate lego building blocks

End to end choreography Neptune/ ORION Instrument WS Visualization WS IP Flow QoS WS OMNInet Bandwidth Reservation WS Lightpath WS NeptuneInstrumentServicePT BandwidthReservationPT LightPathConectionPT InstrumentNetworkServicePT Super user orchestration End user orchestration Neptune admin orchestration Xconnect WS Lightpath WS Xconnect WS

Scenario Neptune Instrument WS OMNInet Winnipeg Calgary Chicago Seattle Optiputer CA*net 4 NLR Neptune Lightpath CAVEwave Lightpath Visualization Engine

Vancouver CA*net4 Winnipeg CA*net4 Seattle CA*net4 Chicago CA*net4 Montreal CA*net4 Chicago STAR LIGHT New York MAN LAN Seattle Pwave UCLP Lightpath WS UCLP Cross Connect WS Third Party Lightpath Bidirectional -1 Gbps Vancouver: Port x/Slot y/Channel z Montreal: Port x/Slot y/Channel z Partitionable Available until 2006 to all Vancouver CA*net 4 peers Neptune Instrument WS BCnet

Neptune Admin Orchestration NeptuneInstrumentServicePT Instrument WS Proxy LAN WS Archive & Fork WS instrumentControlPT Neptune Instrument WS dataPathConnectionPT LANnetworkConnectionPT archiveForkPT 1 Data Flow Path 1 Path A Path B

WSDL for instrument Control Port(s) Data Port(s) Java Stub Instrument instrumentControlPT Data Path A Data Path B Axis/Apache/Linux Server dataPathConnectionPT WSDL Interface

WSDL Power & Instrument Control Port(s) Data Port(s) Java Stub Instrument instrumentControlPT Data Path A Data Path B Axis/Apache/Linux Server dataPathConnectionPT WSDL Interface instrumentEnablelPT To user’s WSDL Power WSDL Proxy Instrument WSDL New Instrument WSDL

1. E-gun & Linear Accelerator 3. Storage Ring 4. Beamline End Station VESPERS Beamline at the Canadian Light Source  microanalysis with unprecedented sensitivity Courtesy of CLSI

Current CLS Infrastructure

Proposed Infrastructure

Significance of UCLP v2 >Many power plants, water, sewage and process control SCADA (System Control and Data Acquisition) are moving to TCP/IP so that they can integrate process control with other eBusiness systems >But this makes systems more vulnerable to DOS attacks, viruses, etc >Impossible to fully protect with firewalls etc because too many back doors >Need to build “micro” firewalls around each SCADA sub-system with web services and link them together with web services workflow

WSDL for Root Lightpath and cross connect Java Stub instrumentControlPT Data Path A Data Path B Axis/Apache/Linux Server dataPathConnectionPT WSDL Interface