![Page 1: Virtual Infrastructure C27_B259, MSCS building, UNE, Armidale, NSW, Australia on Friday, 25th May 2007 from 12 to 1pm. by Dr. Charles R. Watson School](https://reader036.vdocument.in/reader036/viewer/2022070307/551af44d55034606048b6235/html5/thumbnails/1.jpg)
Virtual Infrastructure
C27_B259, MSCS building, UNE, Armidale, NSW, Australia on
Friday, 25th May 2007 from 12 to 1pm.
by Dr. Charles R. Watson
School of Maths, Stats and Computer ScienceUniversity of New England, Armidale NSW 2351
URL: http://mcs.une.edu.au/~cwatson7/I/VirtualInfrastructure.ppt
![Page 2: Virtual Infrastructure C27_B259, MSCS building, UNE, Armidale, NSW, Australia on Friday, 25th May 2007 from 12 to 1pm. by Dr. Charles R. Watson School](https://reader036.vdocument.in/reader036/viewer/2022070307/551af44d55034606048b6235/html5/thumbnails/2.jpg)
25th May 2007 Virtual Infrastructure
Overview
• Digital Communications Technology
• Voice over IP
• Integrity and Availability
• Security
• Discussion: cost-neutral improvement of our virtual infrastructure
![Page 3: Virtual Infrastructure C27_B259, MSCS building, UNE, Armidale, NSW, Australia on Friday, 25th May 2007 from 12 to 1pm. by Dr. Charles R. Watson School](https://reader036.vdocument.in/reader036/viewer/2022070307/551af44d55034606048b6235/html5/thumbnails/3.jpg)
25th May 2007 Virtual Infrastructure
Transmission Media
![Page 4: Virtual Infrastructure C27_B259, MSCS building, UNE, Armidale, NSW, Australia on Friday, 25th May 2007 from 12 to 1pm. by Dr. Charles R. Watson School](https://reader036.vdocument.in/reader036/viewer/2022070307/551af44d55034606048b6235/html5/thumbnails/4.jpg)
25th May 2007 Virtual Infrastructure
Wireless LAN Architecture
![Page 5: Virtual Infrastructure C27_B259, MSCS building, UNE, Armidale, NSW, Australia on Friday, 25th May 2007 from 12 to 1pm. by Dr. Charles R. Watson School](https://reader036.vdocument.in/reader036/viewer/2022070307/551af44d55034606048b6235/html5/thumbnails/5.jpg)
25th May 2007 Virtual Infrastructure
Ethernet: CSMA/CD
Carrier Sense Multiple Access with Collision Detection
![Page 6: Virtual Infrastructure C27_B259, MSCS building, UNE, Armidale, NSW, Australia on Friday, 25th May 2007 from 12 to 1pm. by Dr. Charles R. Watson School](https://reader036.vdocument.in/reader036/viewer/2022070307/551af44d55034606048b6235/html5/thumbnails/6.jpg)
25th May 2007 Virtual Infrastructure
Protocol Analyzers
Traffic displayed by protocol type
![Page 7: Virtual Infrastructure C27_B259, MSCS building, UNE, Armidale, NSW, Australia on Friday, 25th May 2007 from 12 to 1pm. by Dr. Charles R. Watson School](https://reader036.vdocument.in/reader036/viewer/2022070307/551af44d55034606048b6235/html5/thumbnails/7.jpg)
25th May 2007 Virtual Infrastructure
Wide Area Network
![Page 8: Virtual Infrastructure C27_B259, MSCS building, UNE, Armidale, NSW, Australia on Friday, 25th May 2007 from 12 to 1pm. by Dr. Charles R. Watson School](https://reader036.vdocument.in/reader036/viewer/2022070307/551af44d55034606048b6235/html5/thumbnails/8.jpg)
25th May 2007 Virtual Infrastructure
Gateways
![Page 9: Virtual Infrastructure C27_B259, MSCS building, UNE, Armidale, NSW, Australia on Friday, 25th May 2007 from 12 to 1pm. by Dr. Charles R. Watson School](https://reader036.vdocument.in/reader036/viewer/2022070307/551af44d55034606048b6235/html5/thumbnails/9.jpg)
25th May 2007 Virtual Infrastructure
Client/Server Communication
![Page 10: Virtual Infrastructure C27_B259, MSCS building, UNE, Armidale, NSW, Australia on Friday, 25th May 2007 from 12 to 1pm. by Dr. Charles R. Watson School](https://reader036.vdocument.in/reader036/viewer/2022070307/551af44d55034606048b6235/html5/thumbnails/10.jpg)
25th May 2007 Virtual Infrastructure
Satellite Internet Access
![Page 11: Virtual Infrastructure C27_B259, MSCS building, UNE, Armidale, NSW, Australia on Friday, 25th May 2007 from 12 to 1pm. by Dr. Charles R. Watson School](https://reader036.vdocument.in/reader036/viewer/2022070307/551af44d55034606048b6235/html5/thumbnails/11.jpg)
25th May 2007 Virtual Infrastructure
Satellite Internet Access (continued)
Dial return satellite Internet service
![Page 12: Virtual Infrastructure C27_B259, MSCS building, UNE, Armidale, NSW, Australia on Friday, 25th May 2007 from 12 to 1pm. by Dr. Charles R. Watson School](https://reader036.vdocument.in/reader036/viewer/2022070307/551af44d55034606048b6235/html5/thumbnails/12.jpg)
25th May 2007 Virtual Infrastructure
WAN Technologies Compared
![Page 13: Virtual Infrastructure C27_B259, MSCS building, UNE, Armidale, NSW, Australia on Friday, 25th May 2007 from 12 to 1pm. by Dr. Charles R. Watson School](https://reader036.vdocument.in/reader036/viewer/2022070307/551af44d55034606048b6235/html5/thumbnails/13.jpg)
25th May 2007 Virtual Infrastructure
WAN Technologies Compared (continued)
![Page 14: Virtual Infrastructure C27_B259, MSCS building, UNE, Armidale, NSW, Australia on Friday, 25th May 2007 from 12 to 1pm. by Dr. Charles R. Watson School](https://reader036.vdocument.in/reader036/viewer/2022070307/551af44d55034606048b6235/html5/thumbnails/14.jpg)
25th May 2007 Virtual Infrastructure
Voice-over-IP• Cisco AS5300 is the core AARNet Gateway.• Voice card for Cisco 3660• Skype is a peer-to-peer Internet telephony
network founded by the Niklas Zennström. – It competes against existing open VoIP protocols
such as SIP, IAX, and H.323. – Rapid growth in free and paid services. – Features include
• free voice and video conferencing, • its ability to use peer to peer (decentralized) technology to
overcome common firewall and NAT (Network address translation) problems
![Page 15: Virtual Infrastructure C27_B259, MSCS building, UNE, Armidale, NSW, Australia on Friday, 25th May 2007 from 12 to 1pm. by Dr. Charles R. Watson School](https://reader036.vdocument.in/reader036/viewer/2022070307/551af44d55034606048b6235/html5/thumbnails/15.jpg)
25th May 2007 Virtual Infrastructure
VoIP (continued)
Accessing a VoIP network from traditional telephones
![Page 16: Virtual Infrastructure C27_B259, MSCS building, UNE, Armidale, NSW, Australia on Friday, 25th May 2007 from 12 to 1pm. by Dr. Charles R. Watson School](https://reader036.vdocument.in/reader036/viewer/2022070307/551af44d55034606048b6235/html5/thumbnails/16.jpg)
25th May 2007 Virtual Infrastructure
VoIP (continued)
Accessing a VoIP network from IP phones
![Page 17: Virtual Infrastructure C27_B259, MSCS building, UNE, Armidale, NSW, Australia on Friday, 25th May 2007 from 12 to 1pm. by Dr. Charles R. Watson School](https://reader036.vdocument.in/reader036/viewer/2022070307/551af44d55034606048b6235/html5/thumbnails/17.jpg)
25th May 2007 Virtual Infrastructure
Internet Group Management Protocol
• Network layer protocol that manages multicasting allowing one node to send data to defined group of nodes
• Routers use IGMP to determine which nodes belong to multicast group and to transmit data to all nodes in that group
• IGMP can be used for online video and gaming, and allows more efficient use of resources
• UDP - User (Unreliable) Datagram Protocol is faster and more efficient than TCP for lightweight or time-sensitive purposes, e.g. IPTV, audio-visual streaming media
![Page 18: Virtual Infrastructure C27_B259, MSCS building, UNE, Armidale, NSW, Australia on Friday, 25th May 2007 from 12 to 1pm. by Dr. Charles R. Watson School](https://reader036.vdocument.in/reader036/viewer/2022070307/551af44d55034606048b6235/html5/thumbnails/18.jpg)
25th May 2007 Virtual Infrastructure
Real world example http://en.wikipedia.org/wiki/Streaming_media
• One hour of video encoded at 300 kbit/s (this is a typical broadband video for 2005 and it's usually encoded in a 320×240 pixels window size) will be:– (3,600 s · 300 kbit/s) / 8,388.608 = 128.7 MiB of storage
• If the file is stored on a server for on-demand streaming. If this stream is viewed by 1,000 people using a Unicast protocol, you would need
• 300 kbit/s · 1,000 = 300,000 kbit/s = 300 Mbit/s of bandwidth• This is equivalent to 125.73 GiB per hour. Of course, using a
Multicast protocol the server sends out only a single stream that is common to all users. Hence, such a stream would only use 300 kbit/s of bandwidth.
![Page 19: Virtual Infrastructure C27_B259, MSCS building, UNE, Armidale, NSW, Australia on Friday, 25th May 2007 from 12 to 1pm. by Dr. Charles R. Watson School](https://reader036.vdocument.in/reader036/viewer/2022070307/551af44d55034606048b6235/html5/thumbnails/19.jpg)
25th May 2007 Virtual Infrastructure
Integrity and Availability• Integrity refers to the soundness of network files, systems, and
connections• Fault tolerance is a system’s capacity to continue performing
despite unexpected hardware or software malfunction• A UPS is a battery power source that prevents undesired features of
the power source from harming the device or interrupting its services
• Backup rotation provides excellent data reliability without overtaxing network or requiring much intervention
• Disaster recovery is the process of restoring critical functionality and data after an enterprise-wide outage
• Critical servers often contain redundant NICs, processors, and/or hard disks to provide better fault tolerance
• Server mirroring involves utilizing a second, identical server to duplicate the transactions and data storage of one server
• Clustering links multiple servers together to act as a single server
![Page 20: Virtual Infrastructure C27_B259, MSCS building, UNE, Armidale, NSW, Australia on Friday, 25th May 2007 from 12 to 1pm. by Dr. Charles R. Watson School](https://reader036.vdocument.in/reader036/viewer/2022070307/551af44d55034606048b6235/html5/thumbnails/20.jpg)
25th May 2007 Virtual Infrastructure
Redundant Array of Independent (or Inexpensive) Disks
RAID Level 5—disk striping with distributed parity
![Page 21: Virtual Infrastructure C27_B259, MSCS building, UNE, Armidale, NSW, Australia on Friday, 25th May 2007 from 12 to 1pm. by Dr. Charles R. Watson School](https://reader036.vdocument.in/reader036/viewer/2022070307/551af44d55034606048b6235/html5/thumbnails/21.jpg)
25th May 2007 Virtual Infrastructure
Fully redundant T1 connectivity
Redundancy provides load balancing and fault tolerance.
![Page 22: Virtual Infrastructure C27_B259, MSCS building, UNE, Armidale, NSW, Australia on Friday, 25th May 2007 from 12 to 1pm. by Dr. Charles R. Watson School](https://reader036.vdocument.in/reader036/viewer/2022070307/551af44d55034606048b6235/html5/thumbnails/22.jpg)
25th May 2007 Virtual Infrastructure
Security
• Choosing secure passwords is one of the easiest and least expensive ways to guard against unauthorized access.
• A security policy identifies an organization’s security goals, risks, levels of authority, designated security coordinator and team members, responsibilities for each team member and each employee, and strategies for addressing security breaches.
• A firewall is a specialized device that selectively filters or blocks traffic between networks.
• A proxy service is a software application on a network host that acts as an intermediary between the external and internal networks, screening all incoming and outgoing traffic.
![Page 23: Virtual Infrastructure C27_B259, MSCS building, UNE, Armidale, NSW, Australia on Friday, 25th May 2007 from 12 to 1pm. by Dr. Charles R. Watson School](https://reader036.vdocument.in/reader036/viewer/2022070307/551af44d55034606048b6235/html5/thumbnails/23.jpg)
25th May 2007 Virtual Infrastructure
Physical Security
Badge access security system
![Page 24: Virtual Infrastructure C27_B259, MSCS building, UNE, Armidale, NSW, Australia on Friday, 25th May 2007 from 12 to 1pm. by Dr. Charles R. Watson School](https://reader036.vdocument.in/reader036/viewer/2022070307/551af44d55034606048b6235/html5/thumbnails/24.jpg)
25th May 2007 Virtual Infrastructure
Authentication
A RADIUS server providing centralized authentication
![Page 25: Virtual Infrastructure C27_B259, MSCS building, UNE, Armidale, NSW, Australia on Friday, 25th May 2007 from 12 to 1pm. by Dr. Charles R. Watson School](https://reader036.vdocument.in/reader036/viewer/2022070307/551af44d55034606048b6235/html5/thumbnails/25.jpg)
25th May 2007 Virtual Infrastructure
Domains = Organizational Units
![Page 26: Virtual Infrastructure C27_B259, MSCS building, UNE, Armidale, NSW, Australia on Friday, 25th May 2007 from 12 to 1pm. by Dr. Charles R. Watson School](https://reader036.vdocument.in/reader036/viewer/2022070307/551af44d55034606048b6235/html5/thumbnails/26.jpg)
25th May 2007 Virtual Infrastructure
Trust Relationships
![Page 27: Virtual Infrastructure C27_B259, MSCS building, UNE, Armidale, NSW, Australia on Friday, 25th May 2007 from 12 to 1pm. by Dr. Charles R. Watson School](https://reader036.vdocument.in/reader036/viewer/2022070307/551af44d55034606048b6235/html5/thumbnails/27.jpg)
25th May 2007 Virtual Infrastructure
Trust Relationships (continued)
Explicit one-way trust between domains in different trees
![Page 28: Virtual Infrastructure C27_B259, MSCS building, UNE, Armidale, NSW, Australia on Friday, 25th May 2007 from 12 to 1pm. by Dr. Charles R. Watson School](https://reader036.vdocument.in/reader036/viewer/2022070307/551af44d55034606048b6235/html5/thumbnails/28.jpg)
25th May 2007 Virtual Infrastructure
Public Key Encryption
![Page 29: Virtual Infrastructure C27_B259, MSCS building, UNE, Armidale, NSW, Australia on Friday, 25th May 2007 from 12 to 1pm. by Dr. Charles R. Watson School](https://reader036.vdocument.in/reader036/viewer/2022070307/551af44d55034606048b6235/html5/thumbnails/29.jpg)
25th May 2007 Virtual Infrastructure
Proxy Servers
A proxy server used on a WAN
![Page 30: Virtual Infrastructure C27_B259, MSCS building, UNE, Armidale, NSW, Australia on Friday, 25th May 2007 from 12 to 1pm. by Dr. Charles R. Watson School](https://reader036.vdocument.in/reader036/viewer/2022070307/551af44d55034606048b6235/html5/thumbnails/30.jpg)
25th May 2007 Virtual Infrastructure
Network Address Translation
![Page 31: Virtual Infrastructure C27_B259, MSCS building, UNE, Armidale, NSW, Australia on Friday, 25th May 2007 from 12 to 1pm. by Dr. Charles R. Watson School](https://reader036.vdocument.in/reader036/viewer/2022070307/551af44d55034606048b6235/html5/thumbnails/31.jpg)
25th May 2007 Virtual Infrastructure
Deep packet inspectionhttp://en.wikipedia.org/wiki/Deep_packet_inspection
• Deep packet inspection (DPI) is a form of computer network packet filtering that examines the data part of a through-passing packet, searching for non-protocol compliance or predefined criteria to decide if the packet can pass. This is in contrast to shallow packet inspection (usually called just packet inspection) which just checks the header portion of a packet.
• DPI devices have the ability to look at Layer 2 through Layer 7 of the OSI model. This includes headers and data protocol structures. The DPI will identify and classify the traffic based on a signature database
• A classified packet can be redirected, marked/tagged (see QoS), blocked, rate limited, and of course, reported to a reporting agent in the network.
• Many DPI devices identify flows rather than a packet by packet analysis.• DPI allows phone and cable companies to "readily know the packets of information
you are receiving online--from e-mail, to websites, to sharing of music, video and software downloads"[1] .
• DPI is also increasingly being used in security devices to analyze flows, compare them against policy, and then treat the traffic appropriately (i.e., block, allow, rate limit, tag for priority, mirror to another device for more analysis or reporting).
![Page 32: Virtual Infrastructure C27_B259, MSCS building, UNE, Armidale, NSW, Australia on Friday, 25th May 2007 from 12 to 1pm. by Dr. Charles R. Watson School](https://reader036.vdocument.in/reader036/viewer/2022070307/551af44d55034606048b6235/html5/thumbnails/32.jpg)
25th May 2007 Virtual Infrastructure
Project Management
![Page 33: Virtual Infrastructure C27_B259, MSCS building, UNE, Armidale, NSW, Australia on Friday, 25th May 2007 from 12 to 1pm. by Dr. Charles R. Watson School](https://reader036.vdocument.in/reader036/viewer/2022070307/551af44d55034606048b6235/html5/thumbnails/33.jpg)
25th May 2007 Virtual Infrastructure
NCRIS National Collaborative Research Infrastructure Strategy (NCRIS) projectshttp://www.ncris.dest.gov.au/
• 5.16 Platforms for collaboration • 5.16.1 Data access and discovery, storage and management • 5.16.2 Grid enabled technologies and infrastructure • 5.16.3 Technical expertise • 5.16.4 High performance computing • 5.16.5 High capacity communications networks
"Platforms for Collaboration" will develop our strengths in other NCRIS categories:
• Evolving Bio-molecular Platforms and Informatics• Integrated Biological Systems• Biotechnology Products• Networked Bio-security Framework• Structure and Evolution of the Australian Continent• Terrestrial Ecosystem Research Network • Population health and clinical data linkage
![Page 34: Virtual Infrastructure C27_B259, MSCS building, UNE, Armidale, NSW, Australia on Friday, 25th May 2007 from 12 to 1pm. by Dr. Charles R. Watson School](https://reader036.vdocument.in/reader036/viewer/2022070307/551af44d55034606048b6235/html5/thumbnails/34.jpg)
25th May 2007 Virtual Infrastructure
Discussion
Future virtual infrastructure• Email spam • voice-over-IP• multicasting• firewall configuration• federated identity management • intellectual property protection• cost-neutral deployment• rapid obsolescence