Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Network Performance Testing using SeRIF Charles J. Antonelli Center for Information Technology Integration University of Michigan Laurence Kirchmeier.

Published byEllen Underwood Modified over 9 years ago

Similar presentations

Presentation on theme: "Secure Network Performance Testing using SeRIF Charles J. Antonelli Center for Information Technology Integration University of Michigan Laurence Kirchmeier."— Presentation transcript:

1 Secure Network Performance Testing using SeRIF Charles J. Antonelli Center for Information Technology Integration University of Michigan Laurence Kirchmeier MERIT, Inc. 21 June 2005

2 Contributors CITI – Andy Adamson – Olga Kornievskaia – David Richter – Nathan Gallaher MGRID ITCom Work supported by OVPR and U-M ITCom

3 SeRIF SeRIF : Secure Remote Invocation Framework Purpose : provide a secure and extensible remote process invocation service, with strong authentication and flexible authorization Based on Globus, GARA Adds fine-grained authorization – Walden

4 SeRIF Central portal host – Authentication – Control (invocation, parameters, results) – Databases (LDAP) Dedicated remote nodes – Gatekeeper – Local scheduler for execution and cleanup – Provides status and output redirection – Fine grained authorization at resource

5 SeRIF Architecture mod ssl mod kx509 mod kct Apache Tomcat KCT GateKeeper Resource Grid Resource KCA kx509 kinit User Workstation KDC Kerberos V5 SSL – Client Certificate required GSI Kerberos SASL Portal 1 2 3 4 5 6 7 Authorization Resource Mgr SASL 8 WALDEN Authorization WALDEN libpkcs11 Browser mod php mod jk CHEF LDAP NW Topology Output

6 NTAP NTAP : Network Testing and Performance Purpose : provide a secure and extensible network testing and performance tool invocation service at U-M Uses SeRIF framework Runs on portal host and Performance Measurement Platforms (PMPs) attached to routers in a VLAN environment

7 NTAP Architecture Portal Router 1 Host A Router 2Router 3 Host B PMP 1PMP 2PMP 3 GSI Attribute Callout AFS PTS Flat File Walden

8 NTAP I Bandwidth reservation tool: – Securely modifies network switch configurations to provide differentiated services – Based on GARA extension “General-purpose Architecture for Reservation and Allocation” Layered on Globus Includes scheduler for future reservations – Implements modular, fine-grained, role-based authorization Added signed group membership(s) to reservation data Keynote policy engine / AFS PTS group service

9 NTAP II Added PERMIS authorization plug-in Generalized to run securely arbitrary programs at a Grid service endpoint Automatic path discovery – traceroute & topology database Multihomed PMP support – source address selects per-VLAN route Production hardening – recovery, packaging & installation

10 Output Database Test program outputs captured Stored in LDAP database Database display tool – Output hop-by-hop matrix display – Color-coded test history – Click through cells for detailed views Links to most recent tests – Config file for rapid prototyping

11 NTAP III Deployment – PMPs deployed at CITI, ITCom, Merit 10 Gbps PMPs – PCI-X vs. PCI-X V2.0 vs. PCIe Walden authorization plug-in Additional Path Testing Host Endpoint Testing Automated Testing Profile-based Interface

12 Walden Fine-grained authorization at gatekeeper Walden policy engine / XACML policy file – Resource, Action, Subject attributes Demo policy – Any authenticated principal may run a test on designated PMPs – Specific principals may run a test on any PMP

13 Walden

14 Additional Path Testing Adds customer-specified tests to schedule endpoint - add R1-Rn cascade - add R1-R2, R1-R3, …, R1-Rn Router 1Router 2Router 3Router n

15 Host Endpoint Testing First mile problem – Leverages Network Diagnostic Tester Uses JavaWebStart to run signed apps on client – Client downloads NDT app Multi-step process User clicks two links – Client identifies first-hop router and attached PMP running NDT server – Client runs NDT test and displays results as usual – NDT server sends results to NTAP database Router 1 Host A

16 Automated Testing Need repetitive, automated testing – … but with secure authentication and authorization Solution: renewable credentials – User obtains long-term credentials – Portal schedules repetitive testing – Prior to a test cycle, portal validates long-term credential and derives from it a short-term credential – Rest of SeRIF architecture unchanged

17 Profile-based Interface Tests specified via test profile, composed of – A path map – One or more application profiles – An output profile Database of path maps and profiles – Segment mapped or user-specified – Captures common test configurations – Leverages testing expertise Maps and profiles stored in LDAP database

18 Future Work Post-processed statistics, graphs Cross-domain testing Alternatives to topology database – Active infrastructure probing Automated tools – Tune TCP stack – Detect conditions, e.g. duplex mismatches Graph the topology database

19 SeRIF Resources SeRIF & NTAP home page –http://www.citi.umich.edu/projects/ntaphttp://www.citi.umich.edu/projects/ntap –FAQ & documentation –Download NTAP code & installation instructions Tools – iperf http://dast.nlanr.net/Projects/Iperf/ http://dast.nlanr.net/Projects/Iperf/ –ndt http://e2epi.internet2.edu/ndt/http://e2epi.internet2.edu/ndt/ –owamp http://e2epi.internet2.edu/owamp/http://e2epi.internet2.edu/owamp/

20 Merit’s Measurement Infrastructure Goals – Provide measurement servers located across MichNet – Permit ad-hoc measurements to these servers for members and affiliates – Perform regular measurements between the servers to track the health of MichNet – Tie in MichNet servers with UM’s ntap servers & Internet2 measurement infrastructure

21 Merit Measurement Infrastructure ntap1.merit.edu ntap2.merit.edu ntap3.merit.edu deployment later summer

22 Merit’s Measurement Infrastructure Measurement tools available – ndt Last mile network diagnostic tool – owamp One-way ping tool – bwctl Bandwidth test controller ntap provides strong authentication and authorization to these tools See http://e2epi.internet2.edu for more information on these toolshttp://e2epi.internet2.edu

23 Denver Seattle Sunnyvale Los Angeles Houston Kansas City Chicago Indianapolis Atlanta Washington DC New York http://e2epi.internet2.edu/pipes/ami/pmp-info.html#ndt Internet2 ndt servers

24 Internet2 bwctl & owamp servers Denver Seattle Sunnyvale Los Angeles Houston Kansas City Chicago Indianapolis Atlanta Washington DC New York http://e2epi.internet2.edu/pipes/ami/bwctl/

25 Merit’s Measurement Infrastructure Next steps – Deploy measurement servers – Develop report web pages and front-ends to the tools – Work with members and affiliates -Internet2 measurement workshop? – Review other measurement tools such as Mona Lisa Lunchtime BOF on E2E performance and measurement

26 Merit’s Measurement Info resources – Merit Measurement web pages http://www.merit.edu/nrd/projects/e2e.html – Internet2 Measurement Performance workshop http://e2epi.internet2.edu/network-perf- wk/index.html http://e2epi.internet2.edu/network-perf- wk/index.html – Email: e2einfo@merit.edu

27 MGRID NTAP Project Demonstration

28 Any Questions? http://www.citi.umich.edu

Download ppt "Secure Network Performance Testing using SeRIF Charles J. Antonelli Center for Information Technology Integration University of Michigan Laurence Kirchmeier."

Similar presentations

Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.

Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.
EVERY CONNECTION has a starting point. EVERY CONNECTION has a starting point. WorldCat Navigator - Authentication Library Hosted Navigator EZproxy and.

EVERY CONNECTION has a starting point. EVERY CONNECTION has a starting point. WorldCat Navigator - Authentication Library Hosted Navigator EZproxy and.
WEB AND WIRELESS AUTOMATION connecting people and processes InduSoft Web Solution Welcome.

WEB AND WIRELESS AUTOMATION connecting people and processes InduSoft Web Solution Welcome.
Cloud PIV Authentication and Authorization Demo PIV Card User Workstation Central Security Server In order to use Cloud Authentication and Authorization.

Cloud PIV Authentication and Authorization Demo PIV Card User Workstation Central Security Server In order to use Cloud Authentication and Authorization.
Secure Network Performance Testing using SeRIF Dr. Charles J. Antonelli Center for Information Technology Integration University of Michigan Winter 2006.

Secure Network Performance Testing using SeRIF Dr. Charles J. Antonelli Center for Information Technology Integration University of Michigan Winter 2006.
Authenticated QoS Signaling William A. (Andy) Adamson Olga Kornievskaia CITI, University of Michigan.

Authenticated QoS Signaling William A. (Andy) Adamson Olga Kornievskaia CITI, University of Michigan.
Kerberized Credential Translation Olga Kornievskaia Peter Honeyman Bill Doster Kevin Coffman Center for Information Technology Integration University of.

Kerberized Credential Translation Olga Kornievskaia Peter Honeyman Bill Doster Kevin Coffman Center for Information Technology Integration University of.
Kerberos and PKI Cooperation Daniel Kouřil, Luděk Matyska, Michal Procházka Masaryk University AFS & Kerberos Best Practices Workshop 2006.

Kerberos and PKI Cooperation Daniel Kouřil, Luděk Matyska, Michal Procházka Masaryk University AFS & Kerberos Best Practices Workshop 2006.
Authenticated QoS Project Overview Andy Adamson Research Investigator Center for Information Technology Integration University of Michigan Ann Arbor.

Authenticated QoS Project Overview Andy Adamson Research Investigator Center for Information Technology Integration University of Michigan Ann Arbor.
GridScape Ding Choon Hoong Grid Computing and Distributed Systems (GRIDS) Lab. The University of Melbourne Melbourne, Australia www.gridbus.org WW Grid.

GridScape Ding Choon Hoong Grid Computing and Distributed Systems (GRIDS) Lab. The University of Melbourne Melbourne, Australia WW Grid.
Use of Kerberos-Issued Certificates at Fermilab Kerberos  PKI Translation Matt Crawford & Dane Skow Fermilab.

Use of Kerberos-Issued Certificates at Fermilab Kerberos  PKI Translation Matt Crawford & Dane Skow Fermilab.
Report Distribution Report Distribution in PeopleTools 8.4 Doug Ostler & Eric Knapp 7264.

Report Distribution Report Distribution in PeopleTools 8.4 Doug Ostler & Eric Knapp 7264.
Challenges Running an NFSv4- backed OSG Cluster Kevin Coffman Center for Information Technology Integration University of Michigan.

Challenges Running an NFSv4- backed OSG Cluster Kevin Coffman Center for Information Technology Integration University of Michigan.
MGRID: Network Testing and Performance Charles J. Antonelli Center for Information Technology Integration University of Michigan.

MGRID: Network Testing and Performance Charles J. Antonelli Center for Information Technology Integration University of Michigan.
Making Apache Hadoop Secure Devaraj Das Yahoo’s Hadoop Team.

Making Apache Hadoop Secure Devaraj Das Yahoo’s Hadoop Team.
Performance Measurement Tools August 9 th 2011, OSG Site Admin Workshop Jason Zurawski – Internet2 Research Liaison.

Performance Measurement Tools August 9 th 2011, OSG Site Admin Workshop Jason Zurawski – Internet2 Research Liaison.
Grappa: Grid access portal for physics applications Shava Smallen Extreme! Computing Laboratory Department of Physics Indiana University.

Grappa: Grid access portal for physics applications Shava Smallen Extreme! Computing Laboratory Department of Physics Indiana University.
Access Gateway Operation

Access Gateway Operation
©Kwan Sai Kit, All Rights Reserved Windows Small Business Server 2003 Features.

©Kwan Sai Kit, All Rights Reserved Windows Small Business Server 2003 Features.
Network Testing and Performance Using SeRIF Charles J. Antonelli David Richter Olga Kornievskaia Nathan Gallaher Center for Information Technology Integration.

Network Testing and Performance Using SeRIF Charles J. Antonelli David Richter Olga Kornievskaia Nathan Gallaher Center for Information Technology Integration.

Similar presentations

Ads by Google