Dr. Charles J Antonelli The University of Michigan 10 April 10. A Festschrift for Dr. Richard A Volz 4/12/10 1


Contributors
- U-M Center for Information Technology Integration: Andy Adamson, Charles Antonelli, Olga Kornievskaia, Peter Honeyman, Nathan Gallaher, David Richter
- U-M MGRID: Jim Irrer, Beth Kirschner, Shawn McKee
- U-M ITS Comm: Roy Hockett, Walt Reynolds
- Work supported by U-M OVPR and ITS Comm

Roadmap
- Motivation
- SeRIF Framework
- NTAP Instance
- Future Work

U-M Core Campus Network 2007
[Network diagram. Labels: Arbor Lakes, FXB, Cooley, LSA, SEB, Plant A. Link types: 10 Gigabit Ethernet; ATM OC3c/OC12c (Previous Gen).]

U-M Campus Network 2007
[Network diagram. Labels: IP Telephones, Workstations, Wireless APs, Data VLAN, VOIP VLAN, Wireless VLAN, VLAN Trunk.]

U-M Campus Network 2007

Motivation
- End-to-end functionality & performance
- Where is the problem?
- Few existing tools
- Manual procedures
- Little sharing of techniques & results
- No end-to-end capabilities
- Poor security

Requirements
- Secure operation: authentication, communication, authorization, execution
- Authentication: strong, time-limited credentials
- Authorization: fine-grained, by actor and activity
- Information storage: secure, scalable, visualization
- Extensible: add arbitrary operations
- Leverage existing campus systems

SeRIF
- SeRIF: Secure Remote Invocation Framework
- Purpose: provide a secure and extensible remote process invocation service, with strong authentication and flexible authorization

SeRIF Architecture
- Central portal host
  - Authentication
  - Control (invocation, parameters, results)
  - Databases (LDAP)
- Dedicated remote nodes
  - Gatekeeper
  - Local scheduler for execution and cleanup
  - Provides status and output redirection
  - Fine-grained authorization at resource
- Based on Globus, GARA
  - Adds fine-grained authorization
  - Walden

SeRIF Architecture
[Architecture diagram. Portal: Apache (mod_ssl, mod_kct, mod_kx509, mod_php, mod_jk), Tomcat, CHEF, LDAP (Output, NW Topology), WALDEN Authorization. User Workstation: Browser, libpkcs11, kx509, kinit. Kerberos V5: KCT, KCA, KDC. Resource: GateKeeper, Resource Mgr, WALDEN Authorization. Connections labeled SSL (client certificate required), GSI and SASL, with steps numbered 1 to 8.]

NTAP
- NTAP: Network Testing and Performance
- Purpose: provide a secure and extensible network testing and performance tool invocation service at U-M
- Uses SeRIF framework
- Runs on portal host and Performance Measurement Platforms (PMPs) attached to routers in a VLAN environment

NTAP Architecture
[Architecture diagram. Labels: Host A, Host B, Router 1, Router 2, Router 3, Portal, PMP 1, PMP 2, PMP 3, GSI connections. Authorization: Walden, AFS PTS, Flat File.]

NTAP I
- Bandwidth reservation tool: securely modifies network switch configurations to provide differentiated services
- Based on GARA extension
  - General-purpose Architecture for Reservation and Allocation
  - Layered on Globus
  - Includes scheduler for future reservations
- Implements modular, fine-grained, role-based authorization
  - Added signed group membership(s) to reservation data
  - Keynote policy engine / AFS PTS group service

NTAP II
- Added PERMIS authorization plug-in
- Generalized to securely run arbitrary programs at a Grid service endpoint
- Automatic path discovery: traceroute & topology database
- Multihomed PMP support: source address selects per-VLAN route
- Production hardening: recovery, packaging & installation

Output Database
- Test program outputs captured
- Stored in LDAP database
- Database display tool
- Output hop-by-hop matrix display
- Color-coded test history
- Click through cells for detailed views
- Links to most recent tests
- Config file for rapid prototyping

NTAP III
- Deployment
- PMPs deployed at CITI, ITCom, Merit
- 10 Gbps PMPs
- PCI-X vs. PCI-X V2.0 vs. PCIe
- Walden authorization plug-in
- Additional Path Testing
- Host Endpoint Testing
- Automated Testing
- Profile-based Interface

Walden
- Fine-grained authorization at gatekeeper
- Walden policy engine / XACML policy file
- Resource, Action, Subject attributes
- Demo policy
  - Any authenticated principal may run a test on designated PMPs
  - Specific principals may run a test on any PMP

Walden

Additional Path Testing
- Adds customer-specified tests to schedule
  - endpoint - add R1-Rn
  - cascade - add R1-R2, R1-R3, ..., R1-Rn
[Diagram labels: Router 1, Router 2, Router 3, Router n.]

Host Endpoint Testing
- First mile problem
- Leverages Network Diagnostic Tester
- Uses JavaWebStart to run signed apps on client
- Client downloads NDT app
- Multi-step process
  - User clicks two links
  - Client identifies first-hop router and attached PMP running NDT server
  - Client runs NDT test and displays results as usual
  - NDT server sends results to NTAP database
[Diagram labels: Host A, Router 1.]

Automated Testing
- Need repetitive, automated testing but with secure authentication and authorization
- Solution: renewable credentials
  - User obtains long-term credentials
  - Portal schedules repetitive testing
  - Prior to a test cycle, portal validates long-term credential and derives from it a short-term credential
  - Rest of SeRIF architecture unchanged
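
The renewable-credential flow on this slide, sketched as an added example (not SeRIF or NTAP code). It substitutes HMAC-signed tokens for the Kerberos V5 and kx509 credentials shown in the architecture slide; the key, lifetimes, claim names and the per-test scope are assumptions.

```python
import hashlib
import hmac
import json

PORTAL_KEY = b"constructed-demo-key"  # constructed; a real portal keeps its key in protected storage
SHORT_LIFETIME = 600                  # seconds per test cycle; assumed value, not from the slides

def _sign(claims: dict) -> str:
    body = json.dumps(claims, sort_keys=True)
    tag = hmac.new(PORTAL_KEY, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + tag

def _verify(token: str, now: int) -> dict:
    # The tag is hex, so the last "." always separates body from tag.
    body, _, tag = token.rpartition(".")
    expected = hmac.new(PORTAL_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        raise ValueError("bad signature")
    claims = json.loads(body)
    if now >= claims["exp"]:
        raise ValueError("credential expired")
    return claims

def issue_long_term(user: str, now: int, lifetime: int) -> str:
    """User obtains a long-term credential once."""
    return _sign({"sub": user, "kind": "long", "exp": now + lifetime})

def derive_short_term(long_token: str, test: str, now: int) -> str:
    """Before a test cycle: validate the long-term credential, then derive a
    short-term one that never outlives its parent and names a single test."""
    claims = _verify(long_token, now)
    if claims["kind"] != "long":
        raise ValueError("only a long-term credential can be renewed from")
    exp = min(now + SHORT_LIFETIME, claims["exp"])
    return _sign({"sub": claims["sub"], "kind": "short", "scope": test, "exp": exp})

def check_short_term(token: str, test: str, now: int) -> str:
    """Remote-node side: accept only an unexpired short-term credential
    scoped to the requested test; return the principal for authorization."""
    claims = _verify(token, now)
    if claims["kind"] != "short" or claims["scope"] != test:
        raise ValueError("credential not valid for this test")
    return claims["sub"]
```

Because the derived credential is capped at the parent's expiry and cannot itself be renewed from, revoking or letting the long-term credential lapse stops the scheduled tests at the next cycle.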

Profile-based Interface
- Tests specified via test profile, composed of
  - A path map
  - One or more application profiles
  - An output profile
- Database of path maps and profiles
- Segment mapped or user-specified
- Captures common test configurations
- Leverages testing expertise
- Maps and profiles stored in LDAP database

Future Work
- Statistical, longitudinal summaries
- Graph the topology database
- Alternatives to topology database
- Active infrastructure probing
- Automated tools
- Tune TCP stack (NDT)
- Cross-domain measurements

Cross-Domain SeRIF

Cross-Domain SeRIF
- Cross-domain authentication
  - Globus, Shibboleth, Local authentication (CoSign, ...)
- Cross-domain authorization
  - Who can inject packets into my network core?
  - With whom will I share results?
- Replicated portals
  - Inter-portal protocol

SeRIF Resources
- SeRIF & NTAP: http://www.citi.umich.edu/projects/ntap
- Frameworks
  - Globus: http://www.globus.org/
  - GARA: http://qos.internet2.edu/houston2000/proceedings/roy/20000209 QoS2000 Roy.pdf
  - Walden: http://www.mgrid.umich.edu/projects/walden.html
- Tools
  - iperf: http://sourceforge.net/projects/iperf/
  - ndt: http://e2epi.internet2.edu/ndt/
  - owamp: http://e2epi.internet2.edu/owamp/
- References
  - Andy Adamson and Olga Kornievskaia, A Practical Distributed Authorization System for GARA, CITI Tech Report #01 14, Center for Information Technology Integration, The University of Michigan, 2001.

Any Questions?