Scaling Science for Performance: Implementing a Cost-Effective "Big Data" Environment for Research Analysis

These slides support the oral presentations of Gordon Springer and Prasad Calyam delivered at Cyberinfrastructure Day 2013 on October 10, 2013 on the University of Missouri campus

THE IDENTIFICATION OF MAJOR FACTORS IN THE DEPLOYMENT OF A SCIENCE DMZ AT SMALL INSTITUTIONS

The Science DMZ is a network research tool offering superior large science data transmission between two locations. Through a network design that places the Science DMZ at the edge of the campus network, the Science DMZ defines a network path that avoids packet inspecting devices (firewalls, packet shapers) and produces near line-rate transmission results for large data sets between institutions. Small institutions of higher education (public and private small colleges) seeking to participate in data exchange with other institutions are inhibited in the construction of Science DMZs due to the high costs of deployment. While the National Science Foundation made 18 awards in the Campus Cyberinfrastructure program to investigate the designs, methods, costs, and results of deploying Science DMZs at small institutions, there lacks a cohort view of the success factors and options that must be considered in developing the most impactful solution for any given small institution environment. This research examined the decisions and results of the 18 NSF Science DMZ projects, recording a series of major factors in the small institution deployments, and establishing the Science DMZ Capital Framework (SCF), a model to be considered prior to starting a small institution Science DMZ project

An SDN-based firewall shunt for data-intensive science applications

A dissertation submitted to the Faculty of Engineering and the Built Environment, University of the Witwatersrand, Johannesburg, in fulfilment of the requirements for the degree of Master of Science in Engineering, 2016Data-intensive research computing requires the capability to transfer les over long distances at high throughput. Stateful rewalls introduce su cient packet loss to prevent researchers from fully exploiting high bandwidth-delay network links [25]. To work around this challenge, the science DMZ design [19] trades o stateful packet ltering capability for loss-free forwarding via an ordinary Ethernet switch. We propose a novel extension to the science DMZ design, which uses an SDN-based rewall. This report introduces NFShunt, a rewall based on Linux's Net lter combined with OpenFlow switching. Implemented as an OpenFlow 1.0 controller coupled to Net lter's connection tracking, NFShunt allows the bypass-switching policy to be expressed as part of an iptables rewall rule-set. Our implementation is described in detail, and latency of the control-plane mechanism is reported. TCP throughput and packet loss is shown at various round-trip latencies, with comparisons to pure switching, as well as to a high-end Cisco rewall. Cost, as well as operations and maintenance aspects, are compared and analysed. The results support reported observations regarding rewall introduced packet-loss, and indicate that the SDN design of NFShunt is a technically viable and cost-e ective approach to enhancing a traditional rewall to meet the performance needs of data-intensive researchersGS201

OpenFlow-enabled dynamic DMZ for local networks

Doctor of PhilosophyDepartment of Electrical and Computer EngineeringDon M. GruenbacherCaterina M. ScoglioCybersecurity is playing a vital role in today's network. We can use security devices, such as a deep packet inspection (DPI) device, to enhance cybersecurity. However, a DPI has a limited amount of inspection capability, which cannot catch up with the ever-increasing volume of network traffic, and that gap is getting even larger. Therefore, inspecting every single packet using DPI is impractical. Our objective is to find a tradeoff between network security and network performance. More explicitly, we aim at maximizing the utilization of security devices, while not decreasing network throughput. We propose two prototypes to address this issue in a demilitarized zone (DMZ) architecture. Our first prototype involves a flow-size based DMZ criterion. In a campus network elephant flows, flows with large data rate, are usually science data and they are mostly safe. Moreover, the majority of the network bandwidth is consumed by elephant flows. Therefore, we propose a DMZ prototype that we inspect elephant flows for a few seconds, and then we allow them to bypass DPI inspection, as long as they are identified as safe flows; and they can be periodically inspected to ensure they remain safe. Our second prototype is a congestion-aware DMZ scheme. Instead of determining whether a flow is safe or not by its size, we treat all flows identically. We measure the data rates of all flows, and use a global optimization algorithm to determine which flows are allowed to safely bypass a DPI. The objective is to maximize DPI utilization. Both prototypes are implemented using OpenFlow in this work, and extensive experiments are performed to test both prototypes' feasibility. The results attest that the two prototypes are effective in ensuring network security while not compromising network performance. A number of tools for SDN network configuring and testing are also developed

Parks, Peace, and Partnership

Today, over 3,000 protected areas around the world contribute to the protection of biodiversity, peaceful relations between neighbouring countries, and the well-being of people living in and around the protected environs. Historical and geo-political constraints are disappearing in a new spirit of collaboration to address common issues confronting ecosystems, species, and communities. Managing across boundaries is seen as the only way to ensure the long-term viability of ecological systems and sustainable communities. Current international thinking in this area is reflected in this collection of essays by park managers, biologists, scholars, scientists, and researchers. From Waterton-Glacier International Park to the European Alps, and Lake Titicaca in Peru and Bolivia, the essays provide illustrative examples of the challenges and new solutions that are emerging around the world

Rethinking Software Network Data Planes in the Era of Microservices

L'abstract è presente nell'allegato / the abstract is in the attachmen

Unmanned Aerial Vehicle (UAV)-Enabled Wireless Communications and Networking

The emerging massive density of human-held and machine-type nodes implies larger traffic deviatiolns in the future than we are facing today. In the future, the network will be characterized by a high degree of flexibility, allowing it to adapt smoothly, autonomously, and efficiently to the quickly changing traffic demands both in time and space. This flexibility cannot be achieved when the network’s infrastructure remains static. To this end, the topic of UAVs (unmanned aerial vehicles) have enabled wireless communications, and networking has received increased attention. As mentioned above, the network must serve a massive density of nodes that can be either human-held (user devices) or machine-type nodes (sensors). If we wish to properly serve these nodes and optimize their data, a proper wireless connection is fundamental. This can be achieved by using UAV-enabled communication and networks. This Special Issue addresses the many existing issues that still exist to allow UAV-enabled wireless communications and networking to be properly rolled out

Edge and Big Data technologies for Industry 4.0 to create an integrated pre-sale and after-sale environment

The fourth industrial revolution, also known as Industry 4.0, has rapidly gained traction in businesses across Europe and the world, becoming a central theme in small, medium, and large enterprises alike. This new paradigm shifts the focus from locally-based and barely automated firms to a globally interconnected industrial sector, stimulating economic growth and productivity, and supporting the upskilling and reskilling of employees. However, despite the maturity and scalability of information and cloud technologies, the support systems already present in the machine field are often outdated and lack the necessary security, access control, and advanced communication capabilities. This dissertation proposes architectures and technologies designed to bridge the gap between Operational and Information Technology, in a manner that is non-disruptive, efficient, and scalable. The proposal presents cloud-enabled data-gathering architectures that make use of the newest IT and networking technologies to achieve the desired quality of service and non-functional properties. By harnessing industrial and business data, processes can be optimized even before product sale, while the integrated environment enhances data exchange for post-sale support. The architectures have been tested and have shown encouraging performance results, providing a promising solution for companies looking to embrace Industry 4.0, enhance their operational capabilities, and prepare themselves for the upcoming fifth human-centric revolution

Creation of value with open source software in the telecommunications field

Tese de doutoramento. Engenharia Electrotécnica e de Computadores. Faculdade de Engenharia. Universidade do Porto. 200