Federated services
www.geant.org
Enzo Capone
Head of Research Engagement and Support
TICAL2018, Cartagena de Indias (Colombia)
5 September 2018
Supporting users, today and into the future
• Empower users
• Create services to help them
• Make services easy to use
The mission of R&E networks
In short… solve their problems!
What are their problems?
Who we’ve asked
#3 - Integrated AAI
International project or collaboration
Federated Identity Management
o Identities from their Home Organizations
o Guest identities support and stronger authentication
o Access based on the role(s)
o One persistent identity when changing institution
o Ease of use for users and service providers
eduGAIN depends on federations
AARC Blueprint Architecture
o A Blueprint Architecture for authentication and authorization
o A set of architectural and policy building blocks on top of eduGAIN
o A solid foundation for federated access in Research and Education
eduTEAMS
managing virtual teams made easy
• Procurement is still an issue
• Clear justification of cost-effectiveness (vs. in-house)
• Performance (or lack thereof…)
• Integration with local infrastructure/contextualization
#2 - Access to cloud services
Procurement
Discounted prices for all institutions, large and small
Invoice billing, no credit card needed, accommodating capital expenditure through upfront commitments
Ready-to-use agreements, which comply with EU data protection law
Transfer existing educational licenses to the cloud
Manage usage and spending
Sign your contract under local law
Reduced traffic costs, through suppliers’ connections to the GÉANT network
Single sign-on support (SAML2)
BRINGING THE CLOUD TO THE GROUND
Making online services accessible: easy and safe to use through pan-European collaboration and agreements
Cost
Average daily spend Nov 2016 – Oct 2017
Quality & Qualifications institute (QQI) in Ireland
Replaced their previous individual contract with a new one based on the GÉANT IaaS Framework, via HEANet
Collaboration
• Facilitate transition towards cloud computing and building native cloud applications
• Allow resource sharing, maintaining control of use
• Exchange best practices on management and use
• Share catalogue of cloud applications
• Large Scale Service to the whole research community
GARR Offer
Objectives
Performance
Courtesy of CERN
Daily
Monthly
Infrastructure
GÉANT NREN
GÉANT General IP
GÉANT CLS VRF
PEERING REN
BGP announcements
No tag
NREN tag
Cloud Provider tag
Integration
To support the computing capacity needs for the ATLAS experiment
Setting up a new service to simplify analysis of large genomes, for a deeper insight into evolution and biodiversity
To create an Earth Observation platform, focusing on earthquake and volcano research
To improve the speed and quality of research for finding surrogate biomarkers based on brain images
Adopters
Suppliers
• Bringing together researchers, data providers, e-Infras and commercial providers
• Establish multi-tenant, multi-provider cloud infrastructure
• Promoting Public/Private interoperability
• CPs required to be connected to GÉANT
#1 – Storage TCO vs. expected growth
• Assuming (optimistically) flat budgets, data growth won’t be sustainable in ~5 years
• Cost of storage (CAPEX+OPEX) is not decreasing fast enough (not like CPUs and network access)
Life sciences
High Energy Physics
Science facilities timescale
[Figure: science facilities timeline, 2010 to 2035, showing Design, Proto, Construct and Physics/Science phases for LHC, SuperKEKB, HL-LHC, FCC, Neutrinos, ILC, SKA, LSST and CTA]
Delete and re-sample
Other countermeasures
• Reduce replicas
• Shorter data rotation
• Elastic use of cloud resources (but still problem #2)
• Delete and re-compute
New approaches
Data lake model
• Reliable and resilient network
• Data retrieval from the WAN
• Large bandwidth between data centres
• Flexible capacity
Tweak the computing model
• Detach storage from computing
• Disk-less computing sites
• On-the-fly data retrieval from the WAN
• Heavy reliance on the network
• Must always be available and has to be fast!
[Figure: Geneva to Canberra path, over the public Internet vs. over GEANT + R&E networks (US to Australia), GEANT and R&E partners]
R&E networks are designed for different goals than the Internet
R&E Networks – Optimised for research data transfers
#0 – Ubiquitous (secure) access
eduroam
Free, secure Wi-Fi provided by NRENs between campuses
A global network of users across 89 territories.
More than 2 billion international authentications and counting…
eduroam.org
@eduroam
eduroam managed IdP
Controlled by the institution from a web browser
Cloud based institutional eduroam IdP infrastructure
Secure and managed by experts from the eduroam Operations Team
High availability, professionally managed central infrastructure
eduVPN – securing access for remote users
Insecure public Wi-Fi
R&E Backbone
eduVPN Gateway
User authentication via eduGAIN
Institution Network
Authenticated & Encrypted Connection
Secure VLAN Connection
Public Internet
Private Connectivity
eduVPN provides easy-to-use client software and a secure gateway to authenticate users and encrypt data
Thank you very much!
www.geant.org
@GEANTnews
[email protected]
@EnzinoCapone
© GÉANT Association on behalf of the GN4 Phase 2 project (GN4-2). The research leading to these results has received funding from the European Union’s Horizon 2020 research and innovation programme under Grant Agreement No. 731122 (GN4-2).