The Science DMZ: Recent Developments · 16/05/2017  · • Science DMZ As Plaorm • Modern...

Preview:

Click to see full reader

Citation preview

TheScienceDMZ:RecentDevelopments

EliDart,NetworkEngineerESnetScienceEngagementLawrenceBerkeleyNa@onalLaboratory

WRNP17

Belém,Brazil

May16,2017

©2017,EnergySciencesNetwork

Overview

•  ScienceDMZAsPlaMorm•  ModernResearchDataPortal

•  PacificResearchPlaMorm– PRP– NRP

•  Note:ThistalkassumesyoualreadyunderstandtheScienceDMZ

–  Ifyouhaven’tencounteredtheScienceDMZ,severalfolksinRNPcanhelpyou,includingLeandroCiuffoandAlexMoura

–  Orcheckoutthefasterdataknowledgebase:•  hXp://fasterdata.es.net/science-dmz/

2 – ESnet Science Engagement (engage@es.net) - 5/15/17

©2017,EnergySciencesNetwork

•  OncetherearemanyScienceDMZsinyournetwork,morethingsbecomepossible

•  Easyfiletransferisgood,butwhatelsecanwedo?– Updatethearchitectureofdataportals– Buildservicesbetweenins@tu@ons–  Interconnectfacili@es

•  Severaleffortsunderwaytodothesethings

ScienceDMZAsAPla3orm

3 – ESnet Science Engagement (engage@es.net) - 5/15/17 ©2017,EnergySciencesNetwork

ScienceDataPortals

•  Largerepositoriesofscien@ficdata–  Climatedata–  Skysurveys(astronomy,cosmology)–  Manyothers–  Datasearch,browsing,access

•  Manyscien@ficdataportalsweredesigned15+yearsago–  Single-web-serverdesign–  Databrowse/search,dataaccess,userawarenessallinasinglesystem–  Allthedatagoesthroughtheportalserver

•  Inmanycasesbydesign•  E.g.embargobeforepublica@on(enforceaccesscontrol)

4 – ESnet Science Engagement (engage@es.net) - 5/15/17 ©2017,EnergySciencesNetwork

LegacyPortalDesign

10GE

Border Router

WAN

Firewall

Enterprise

perfSONAR

perfSONAR

Filesystem(data store)

10GE

Portal Server

Browsing pathQuery pathData path

Portal server applications:· web server· search· database· authentication· data service

•  Verydifficulttoimproveperformancewithoutarchitecturalchange–  Sodwarecomponentsalltangledtogether

–  DifficulttoputthewholeportalinaScienceDMZbecauseofsecurity

–  EvenifyoucouldputitinaDMZ,manycomponentsaren’tscalable

•  Whatdoesarchitecturalchangemean?

5 – ESnet Science Engagement (engage@es.net) - 5/15/17 ©2017,EnergySciencesNetwork

ExampleofArchitecturalChange–CDN

•  Let’slookatwhatContentDeliveryNetworksdidforwebapplica@ons•  CDNsareawell-deployeddesignpaXern

–  Akamaiandfriends–  En@reindustryinCDNs–  Assumedpartoftoday’sInternetarchitecture

•  WhatdoesaCDNdo?–  Storesta@ccontentinaseparateloca@onfromdynamiccontent

•  Complexityisn’tinthesta@ccontent–it’sintheapplica@ondynamics•  Webapplica@onsarecomplex,full-featured,andslow–  Databases,userawareness,etc.–  Lotsofintegratedpieces

•  Dataserviceforsta@ccontentissimplebycomparison

–  Separa@onofapplica@onanddataserviceallowseachtobeop@mized

6 – ESnet Science Engagement (engage@es.net) - 5/15/17 ©2017,EnergySciencesNetwork

ClassicalWebServerModel

•  Webbrowserfetchespagesfromwebserver–  Allcontentstoredonthewebserver–  Webapplica@onsrunonthewebserver

•  Webservermaycallouttolocaldatabase•  Fundamentallyallprocessingislocaltothewebserver

–  Webserversendsdatatoclientbrowseroverthenetwork•  Perceivedclientperformancechangeswithnetworkcondi@ons

–  Severalproblemsinthegeneralcase–  Latencyincreases@metopagerender–  Packetloss+latencycauseproblemsforlargesta@cobjects

HostingProvider

TransitNetwork

Residential BroadbandWEB

Long Distance / High Latency

Web Server

Browser

7 – ESnet Science Engagement (engage@es.net) - 5/15/17 ©2017,EnergySciencesNetwork

SoluFon:PlaceLargeStaFcObjectsNearClient

HostingProvider

TransitNetwork

Residential BroadbandWEB

Long Distance / High Latency

CDN

DATA

Short Distance / Low Latency

Web Server

CDN Data Server

Browser

•  CDNprovidessta@ccontent“close”toclient–  Latencygoesdown

•  Timetopagerendergoesdown•  Sta@ccontentperformancegoesup

–  Loadonwebservergoesdown(noneedtoservesta@ccontent)

–  Webservers@llmanagescomplexbehavior•  Localreasoning/fastchangesforapplica@onowner

•  Significantwinforwebapplica@onperformance

8 – ESnet Science Engagement (engage@es.net) - 5/15/17 ©2017,EnergySciencesNetwork

ClientSimplySeesIncreasedPerformance

•  Clientdoesn’tseetheCDNasaseparatething–  Webcontentisalls@llviewedinabrowser

•  Browserfetcheswhatthepagetellsittofetch•  Differentcontentcomesfromdifferentplaces•  Userdoesn’tknow/care

•  CDNsprovideanarchitecturalsolu@ontoaperformanceproblem–  Notbrute-force–  Worksmarter,notharder

The‘NetWEB

Browser

Web Server

Rich, Slow

DATA

CDN Data Server

Simple,Fast

The‘NetWEB

Browser

Web Server

©2017,EnergySciencesNetwork9 – ESnet Science Engagement (engage@es.net) - 5/15/17

ArchitecturalExaminaFonofDataPortals

•  Commondataportalfunc@ons(mostportalshavethese)–  Search/query/discovery–  Datadownloadmethodfordataaccess–  GUIforbrowsingbyhumans–  APIformachineaccess–ideallyincorporatessearch/query+download

•  Performancepainisprimarilyinthedatahandlingpiece–  Rapidincreaseindatascaleeclipsedlegacysodwarestackcapabili@es–  Portalserversodenstuckinenterprisenetwork

•  Canwe“disassemble”theportalandputthepiecesbacktogetherbeXer?–  UseScienceDMZasaplaMormforthedatapiece–  AvoidplacingcomplexsodwareintheScienceDMZ

10 – ESnet Science Engagement (engage@es.net) - 5/15/17 ©2017,EnergySciencesNetwork

LegacyPortalDesign

10GE

Border Router

WAN

Firewall

Enterprise

perfSONAR

perfSONAR

Filesystem(data store)

10GE

Portal Server

Browsing pathQuery pathData path

Portal server applications:· web server· search· database· authentication· data service

11 – ESnet Science Engagement (engage@es.net) - 5/15/17 ©2017,EnergySciencesNetwork

Next-GeneraFonPortalLeveragesScienceDMZ

10GE10GE

10GE

10GE

Border Router

WAN

Science DMZSwitch/Router

Firewall

Enterprise

perfSONAR

perfSONAR

10GE

10GE

10GE10GE

DTN

DTN

API DTNs(data access governed

by portal)

DTN

DTN

perfSONAR

Filesystem (data store)

10GE

Portal Server

Browsing pathQuery path

Portal server applications:· web server· search· database· authentication

Data Path

Data Transfer Path

Portal Query/Browse Path

12 – ESnet Science Engagement (engage@es.net) - 5/15/17 ©2017,EnergySciencesNetwork

PutTheDataOnDedicatedInfrastructure

•  Wehaveseparatedthedatahandlingfromtheportallogic•  Portaliss@llitsnormalself,butenhanced

–  PortalGUI,database,search,etc.allfunc@onastheydidbefore–  QueryreturnspointerstodataobjectsintheScienceDMZ–  Portalisnowfreedfrom@estothedataservers(runitonAmazonifyouwant!)

•  Datahandlingisseparate,andscalable–  High-performanceDTNsintheScienceDMZ–  Scaleasmuchasyouneedtowithoutmodifyingtheportalsodware

•  Outsourcedatahandlingtocompu@ngcentersorcampuscentralstorage–  Compu@ngcentersaresetupforlarge-scaledata–  Letthemhandlethelarge-scaledata,andlettheportaldotheorchestra@onofdataplacement

13 – ESnet Science Engagement (engage@es.net) - 5/15/17 ©2017,EnergySciencesNetwork

The Pacific Research Platform Creates a Regional End-to-End Science-Driven “Big Data Freeway System”

NSF CC*DNI Grant $5M 10/2015-10/2020

•  PI: Larry Smarr, UC San Diego Calit2

•  Co-PIs: -  Camille Crittenden, UC

Berkeley CITRIS, -  Tom DeFanti, UC San Diego

Calit2, -  Philip Papadopoulos, UC

San Diego SDSC, -  Frank Wuerthwein, UC San

Diego Physics and SDSC

PRPProvidesInteroperability

•  ScienceDMZsatpar@cipa@ngsitesensureinteroperability•  PRPengineersworktoensuretheyinteroperate

–  GlobusdatatransferbetweenDTNs–  perfSONAR

•  Somevaria@oninDTNs–  SomehaveFIONADTNs

•  FIONA==FlashI/ONetworkAppliance•  DesignedbyPRPengineersatUCSanDiego•  hXps://fasterdata.es.net/science-dmz/DTN/fiona-flash-i-o-network-appliance/

–  SomehaveDTNsconnectedtoHPCstorage•  Key–theyallinteroperate,removingintegra@onburdenfromscien@sts

15 – ESnet Science Engagement (engage@es.net) - 5/15/17 ©2017,EnergySciencesNetwork

PRPScienceDrivers

•  Mul@plescienceareas– Astronomyandastrophysics– Biomedicalapplica@ons–  Lifesciences–  Par@clephysics– Virtualrealityanddatavisualiza@on

•  hXp://prp.ucsd.edu/

5/15/1716

NaFonalResearchPla3orm(NRP)

•  ReplicatethePRPonana@onalscale•  Interoperable,high-performancecyberinfrastructure

–  Builttoservedomainscience–  Scaleupto~200ins@tu@ons

•  Firstworkshoptobeheldthissummer–  Domainscienceinput–  Policyques@ons–  Architecture,scalability–  IncludecampusIT,regionalnetworks,na@onalnetworks,fundingagencies,etc.inacommonconversa@on.

17 – ESnet Science Engagement (engage@es.net) - 5/15/17 ©2017,EnergySciencesNetwork

PetascaleDTNProject

•  AnotherexampleofbuildingontheScienceDMZ•  Supportsalldata-intensiveapplica@onswhichrequirelarge-scaledataplacement

•  Collabora@onbetweenHPCfacili@es–  ALCF,NCSA,NERSC,OLCF

•  Goal:per-Globus-jobperformanceat1PB/weeklevel–  15gigabitspersecond–  Withchecksumsturnedon,etc.–  Nospecialshortcuts,noarcaneop@ons

•  Referencedatasetis4.4TBofastrophysicsmodeloutput–  Mixoffilesizes–  Manydirectories–  Realdata!

18 – ESnet Science Engagement (engage@es.net) - 5/15/17 ©2017,EnergySciencesNetwork

PetascaleDTNProject

10.0 Gbps

17.6 Gbps

14.8 Gbps

19.3 Gbps

17.4 Gbps 17.0 Gbps

32.4 Gbps

25.3 Gbps

18.3 Gbps

16.3 Gbps

24.1 Gbps

24.0 Gbps

DTN

DTN

DTN

DTN

alcf#dtn_miraALCF

nersc#dtnNERSC

olcf#dtn_atlasOLCF

ncsa#BlueWatersNCSA

Data set: L380Files: 19260Directories: 211Other files: 0Total bytes: 4442781786482 (4.4T bytes)Smallest file: 0 bytes (0 bytes)Largest file: 11313896248 bytes (11G bytes)Size distribution:

1 - 10 bytes: 7 files10 - 100 bytes: 1 files100 - 1K bytes: 59 files1K - 10K bytes: 3170 files10K - 100K bytes: 1560 files100K - 1M bytes: 2817 files1M - 10M bytes: 3901 files10M - 100M bytes: 3800 files100M - 1G bytes: 2295 files1G - 10G bytes: 1647 files10G - 100G bytes: 3 files

March 2017L380 Data Set

19 – ESnet Science Engagement (engage@es.net) - 5/15/17 ©2017,EnergySciencesNetwork

Thanks!

EliDartdart@es.netEnergySciencesNetwork(ESnet)LawrenceBerkeleyNa@onalLaboratory

hXp://fasterdata.es.net/

hXp://my.es.net/

hXp://www.es.net/

ExtraSlides

5/15/1721

WhatIsScienceEngagement?

•  Technologypeopleworkingwithscien@ststohelpsolveproblems–  Improvedatatransferperformance–  Improvedataworkflows(e.g.torequirelesshumaneffort)–  Improveexperimentopera@ons–  …andmore…

•  Usingexperiencegainedfromhelpingscien@ststoimprovecyberinfrastructure–  Networkdesign–  Tooldesign–  Systemdesign

5/15/1722

EngagementIsImportant:OldModel

•  Scien@stasintegrator– Requiresscien@ststodiscovernewtechnologies– Requiresscien@ststobecomeexpertinnewtechnologies– Requiresscien@ststoassembledis@ncttechnologiesintoanintegratedsolu@onthatworksforthem

–  Somescien@stsdothisbrilliantly–mostdonot

5/15/1723

EngagementIsImportant:NewModel

•  Scien@stascollaborator–  Technologistsunderstandtechnology–  Technologistsunderstandenoughofthesciencetoseehowtechnologyfits

–  Technologistshelpscien@stsadoptausefulsolu@on–  Thisismuchmoreproduc@ve,andrequiresscienceengagement

5/15/1724

Recommended

The Science DMZ - TERENA · 2013-11-13 · “Science DMZ” may not look discrete • Most of the network is in the Science DMZ • This is as it should be • Appropriate deployment
Documents
Cyberinfrastructure for Big Science Flows: Science …ce.sc.edu/.../workshop/20190722-1-EPOC-USC-CI-DMZ-v1.pdf2019/07/22  · The Science DMZ has two main purposes: 1.A security architecture
Documents
Dmz presentation seo, conversion, brain science
Technology
An R&E Network's Perspective of a Science DMZ Model · Science DMZ The Science DMZ is a portion of the network, built at or near the campus or laboratory's local network perimeter
Documents
RFP Science DMZ Core 2013 Vendor - Procurement & Strategic …forms.procurement.wayne.edu/RFPs/RFP_Science_DMZ_Core_2013_… · RFP: Science DMZ Core 2013 for the Computing & Information
Documents
Science and Networks and Cybersecurityce.sc.edu/cyberinfra/docs/workshop/Welch-Science-DMZ-SC-2019-0… · 23-07-2019  · Science DMZ Security Myth The big myth: The main goal of
Documents
Science DMZ Architecture - Linux Clusters Institute · 2017-08-18 · Science DMZ Background • The data mobility performance requirements for data intensive science are beyond what
Documents
Key Components: Science DMZ at FIU FlowSurge racks OpenFlow /SDN science network
Documents
Building the Modern Research Data Portal...Desktop Globus Cloud Firewall Science DMZ Prototypical research data portal • Move portal storage into Science DMZ, with Globus endpoint
Documents
IPv6 R&E Deployment and Campus Science DMZ
Documents
Securing the Science DMZ - Internet2meetings.internet2.edu/.../2014/07/14/20140716-buraglio-sciencedm… · Securing the Science DMZ Best Practices for securing an open perimeter
Documents
“An Integrated West Coast Science DMZ for Data-Intensive ... · “An Integrated West Coast Science DMZ for Data-Intensive Research” … Building the Pacific Research Platform
Documents
The Science DMZ: A network design patterndownloads.hindawi.com/journals/sp/2014/701405.pdf · The Science DMZ: A network design pattern for data-intensive science1 Eli Darta,∗,LaurenRotman
Documents
SciGuard: A Security Architecture for Science DMZ based on …€¦ · SciGuard: A Security Architecture for Science DMZ based on SDN and NFV A collaborative project between Clemson
Documents
Science DMZ Security - Home | Internet22013/01/15  · Science DMZ Security Eli Dart, Network Engineer ESnet Network Engineering Group Joint Techs, Winter 2013 Honolulu, HI January
Documents
From Science DMZ to a Global Research Platformasrenorg.net/eage2017/sites/default/files/files/4_ASREN Science DM… · From Science DMZ to a Global Research Platform Kevin Sale –Network
Documents
The Science DMZ – Introduction & Architecturerich/OIN.10.2013/Science_DMZ/... · • The Science DMZ is a design pattern for network design. o Not all implementations look the same,
Documents
The Science DMZ - globusworld.org
Documents
The Science DMZ – perfSONAR & Network Monitoringrich/...OIN-ScienceDMZ-2-perfSONAR.pdf · The Science DMZ – perfSONAR & Network Monitoring Jason Zurawski - ESnet Engineering &
Documents
Lamar University Science DMZ · What is a Science DMZ A Scalable Network Design Model for Optimizing Science Data Transfers The Science DMZ is a portion of the network, built at the
Documents