SDN, IDM, and Research Computing at Duke

Internet2 Technology Exchange - October 7, 2015 !

Mark McCahill Office of Information Technology

Duke University

ProblemResearchers need to assemble tools + resources storage compute connectivity dataset access analysis tools (code/environments) dataset “publication” & provenance

More problemsResearchers need to assemble teams and manage access for their project suite storage compute connectivity dataset access analysis tools (code/environments) dataset “publication” & provenance

SolutionsHow can we reduce friction for researchers?

• On-demand, dynamic compute/storage

• Packaged analysis environments (such as Docker containers) so analysis tools are mobile and reproducible

• Switchboard application: user-driven on-demand SDN network configuration to bypass speed bumps

Why SDN?Core campus network has speed bumps:

• firewalls • intrusion prevention/intrusion detection systems

SDN is designed for automated configuration

Self-service configurable research bypass network

Researcher access to national backbones

SDN core network bypass

switchboard

SDN controller (Ryu REST router)

SDN switch

SDN switch

SDN switch

control plane

REST configuration commands

data plane

user requests network config changes

authorization/approvals

Architecture

switchboard

SDN controller (Ryu REST router)

!switch

SDN switch

!switch

control plane

REST configuration commands

OpenFlow

authorization & approvals

SDN bypass network

Campus NetworkCampus

Network

Switchboard demo

Run your own Switchboard!

Switchboard application

https://github.com/mccahill/switchboard

Plexus SDN controller code

https://github.com/vjorlikowski/plexus

SolutionsHow can we reduce friction for researchers?

Research Toolkits application

• Allow researchers to manage groups/roles in a form they understand

• Apply the roles to tools and resource suites on a per-project basis

Research Toolkits storage

Grouper

projects = team + tool suite definitions

groups / roles (by project)

Architecture

projects

tool 1 tool 2

… tool n

tool 1 tool 2

… tool n

tool 1 tool 2

… tool n

team Cteam A team B

plug-ins for provisioning

compute

job scheduling

dataset access

SDN/Switchboard Shib/SAML

LDAP / AD

roles+rights

create an instance

service capabilities

Research Toolkits demo

Research Toolkits strategyAbstract role/group management from tools

Basic resource provisioning: storage, compute, dataset access, analysis tools

More advanced provisioning: orchestration of compute/storage and SDN network configuration

Groups/roles that span institutions - selective attribute release for cross institutional group membership?

Switchboard strategyCampus SDX (Software Defined Exchange) • campus core bypass links for science DMZ • interconnects layer 2 services (AL2S, BEN, etc.)

Start with self-service app (Switchboard)

Enable DevOps-style automation and actions/approvals/audits via Switchboard API

Integrate Research Toolkits roles with Switchboard authorizations

Summary

• Tie the rights to make SDN bypass links with Switchboard to research projects

• Tool agnostic project/team/rights management for research projects with Research Toolkits

• Integrate services with Research Toolkits and Grouper via plugin architecture

funding for this work was supplied by the National Science Foundation

Data at the Speed of Trust NSF ACI-1440588 - CC*IIE IAM

Network Infrastructure: Using Software-Defined Networking to Facilitate Data Transfer

NSF OCI-1246042 - CC-NIE

Duke ON-RAMPS: OpenFlow-Enabled Network Resource Access that is Manageable, Programmatic, and Safe

NSF CNS 1243315 - EAGER

https://duke.box.com/internet2-techx-2015

mark.mccahill@duke.edu