connect magazine issue 18

THE MAGAZINE FROM THE GÉANT COMMUNITY | ISSUE 18 2015

INNOVATIONWITH IMPACTAN IN-DEPTH LOOKAT GÉANT’S FIRSTOPEN CALL

SPECIAL EDITION

GLOBAL EARTHOBSERVATION:Q&A WITHBARBARA J RYAN

STAFF SECONDMENT:BROADENING STAFFHORIZONS

ENABLING USERS:EDUGAIN SUPPORTSCOLLABORATION

CCOONNNNEECCTT

QQ&&AATalking Earth Observation with Barbara J. Ryan

0066

CCOONNTTEENNTTSSCCOONNNNEECCTT NNEEWWSSBob Day,GÉANT CEOawarded anMBE

0022

CCOOMMMMUUNNIITTYYNNEEWWSSDigital CulturalHeritage-Roadmapfor Preservation

5544QQ&&AAInterview withGÉANT secondees. Could a secondment be for you?

5522

CCOONNNNEECCTT NNEEWWSSCall for CommunityAwards nominations!

0033

CONNECT is the quarterly magazine from the GÉANTcommunity; highlighting key areas of interest, updates on the project and its vital work supporting European researchand education. We give insights into the users who dependon the network, and the community that makes GÉANT whatit is. We welcome feedback at [email protected]

Published by the GÉANT (GN3plus) project, under the NA2 Communications Activity Task 1 | Editors: PPaauull MMaauurriiccee ((TTaasskk LLeeaaddeerr)) aanndd TTaammssiinn HHeennddeerrssoonn ((MMaarrkkeettiinngg OOffffiicceerr))..

Hyperlinks: CONNECT is produced as a digital magazine also made available in print. To view the digital edition and benefit from hyperlinks to further information, please see: http://connect.geant.net

For digital or printed subscriptions/unsubscriptions email [email protected]

eedduurrooaamm®® iiss aa rreeggiisstteerreedd ttrraaddeemmaarrkk ooff TTEERREENNAA aanndd aallll ootthheerr bbrraanndd,, ccoommppaannyy aanndd pprroodduucctt nnaammeess aarree ttrraaddeemmaarrkkss ooff tthheeiirr rreessppeeccttiivvee oowwnneerrss..

CONNECT magazine has beenshortlisted for the 2014 CorpCommsaward for best not-for-profit publication.

CCOOMMMMUUNNIITTYYNNEEWWSSNews from our partners

5566

01

AABBOOUUTTGGÉÉAANNTT An at-a-glanceguide to theGÉANT project

7766

SSEERRVVIICCEESSeduroam, eduGAIN, Box, Netskope, Bandwidth on Demand

4422

QQ&&AAInterview withAnn Harding of SWITCH

6666 GGLLOOBBAALL NNEEWWSSThe future ofEUMEDCONNECTand Pan-Arabnetworks

7700

We have more plans afoot forfuture issues of CONNECT, but in themeantime if you have news to share,or would like to comment specificallyon topics in this issue, please let usknow at [email protected]

As part of our ongoing efforts toshine light onto the extraordinaryusers of GÉANT, we were honouredrecently to catch up with Barbara J.Ryan, Secretariat Director of theintergovernmental Group on EarthObservations. Starting on page 6,you can read about her incredible jobbringing together dispersed usersfrom all over the world, as part ofGEO’s ongoing commitment to unifyEarth Observation systems.

GÉANT is certainly a diverse andgrowing community. In ourCommunity and Global sections youcan read contributed articles fromparts of this community acrossEurope and further afield as theyproudly share their news. It’s great tosee so many of you getting in touch –please continue to do so!

EEddiittoorrssPaul Maurice & TamsinHenderson

WWEELLCCOOMMEE TTOO TTHHIISS SSPPEECCIIAALL EEDDIITTIIOONN OOFF CCOONNNNEECCTT!!

Launched in April 2013,GÉANT’s first competitiveOpen Call was highlyoversubscribed, attracting 70

project proposals across 18 topicareas. Rigorous and independentselection reduced this to the final 21projects, each benefiting from ECfunding to complement and enhanceexisting research carried out inGÉANT, but also bringing in freshideas and supporting innovative usesof the network.

In a special focus beginning onpage 10, we look in more detail at thework that has been done by theprojects and explain the widerGÉANT Innovation Programme inwhich these Open Call projectsoperate.

SSPPEECCIIAALLFFOOCCUUSSOverview of GÉANT’s first Open Call

1100

CONNECT NEWS

02 CONNECT ISSUE 18 2015

CCOONNGGRRAATTUULLAATTIIOONNSSTTOO GGÉÉAANNTT CCEEOO,, BBOOBB DDAAYY,, AAWWAARRDDEEDDAANN MMBBEE

Since then I’ve worked on manyprojects to develop Janet’s capabilities,such as to upgrade the network fromthe tens of Mbps we had then to thehundreds of Gbps we have now. I’vealso had a particular interest indeveloping Janet’s’s policy frameworks,so that it can serve as wide a range ofusers as possible.

Part of this has been extending Jisc’sbenefits to the wider R&E communityacross the UK – as a result Jisc now hasa “footprint” of around 18m users, fromchildren just starting school toresearchers making breakthroughs inparticle physics, cosmology or medicine.

But it’s also been about enabling Jiscto support collaboration. Internationally,of course, but also nationally in providingconnectivity and services, with sectorssuch as health and local government.This aspect continues with increasedfocus as the UK Government recognisesjust how important it is to the economyto have a powerful and flexible NREN.Something all members of GÉANTwould agree with!

WWHHAATT DDOOEESS TTHHEEAAWWAARRDD RREECCOOGGNNIISSEE??With over 20 years of involvement withJisc, those who were kind enough tonominate me were also thinking of ourlatest major initiative to refresh the Jiscbackbone – the Janet6 project. Really,the combined work of all my colleaguesand collaborators – has been to makeaccess to communications andcomputing services an entitlement ratherthan a privilege.

As a PhD student I spent many hoursin libraries trying to find information,waiting for a journal to be returned, orwriting to potential collaborators in thehope of receiving information – on paperand by post of course. That now seemsridiculous and it’s clear we’re on thecusp of a revolution in providing fast andreliable access to R&E data, wherever it is.

TTEELLLL UUSS AABBOOUUTT YYOOUURRRROOLLEE AATT GGÉÉAANNTT AANNDDWWHHYY IITT IISS AANNIIMMPPOORRTTAANNTT PPAARRTT OOFFYYOOUURR WWOORRKK??My involvement with GÉANT has beenas a director and Chair of DANTE (nowGÉANT). I’ve led some importantstrategic developments, working withthe management team. More latterly, Iled merging DANTE with TERENA. NowI’m carrying out an interim ChiefExecutive role to ensure we continue themomentum generated by the mergerwhilst our new Board settles in.

The GÉANT network has alwaysbeen important to Jisc. We firmlybelieve R&E education is a globalactivity, and that we can best meet ourusers’ global needs through strongcollaboration at a pan-European ratherthan bilateral level. So, for Jisc, GÉANTmust continue to succeed, and I andother Jisc colleagues will continue toensure this in the ways we best can.

My time working with the staff atGÉANT is a constant reminder of theprofessionalism and dedication everyonehas to this collaboration. I feel very luckyto have been able to be a small part of that.

Dr Bob Day, Executive Director,Janet at Jisc and currentlyChief Executive Officer ofGÉANT, has been awarded an

MBE as part of the Queen’s New YearHonours List 2015, for services toInformation Technology.

Educated as a physical chemist, itwas during Bob’s postdoctoral researchthat his interest in the application ofdistributed computing to scientificresearch was first engaged. This led himto pursue a career in the development ofresearch and education networking.CONNECT caught up with Bob todiscover more about his journey toachieving this prestigious award.

TTEELLLL UUSS AABBOOUUTT YYOOUURR WWOORRKK WWIITTHH UUKK RREESSEEAARRCCHH AANNDDEEDDUUCCAATTIIOONN??I first joined Jisc in 1991. At that timethe concept of the internet and IP wasjust becoming established acrossEuropean R&E (research and education)networks. My first job was to bring IPinto Janet, replacing the old X.25-basedprotocols that had served us well butwere running out of steam.

This opened up a whole world ofcollaborative opportunities for R&E in theUK. In those days even being able toemail a colleague in another country wasan achievement. Suddenly all sorts ofnew services became possible – thedevelopment of the web as an incrediblyrich source of information, the ability touse computing and access datacollaboratively - that were previouslyfraught with difficulties.

CONNECT NEWS

03

22001155 CCOOMMMMUUNNIITTYY AAWWAARRDDSS:: NNOOMMIINNAATTIIOONNSS WWEELLCCOOMMEE

• Has made a significant contribution toa number of community activities over a sustained period

• Has made significant contributions to important/recognisable developmentswithin the past 12 months.

Winners could be individuals or smallteams of named individuals. Winningnominee(s) should meet the sameaffiliation requirements as those forpeople submitting nominations.

WWHHOO CCAANN SSUUBBMMIITTNNOOMMIINNAATTIIOONNSS??Nominations are welcome from:

• Staff employed or sub-contracted by: GÉANT Project partner organisations;GÉANT Association Cambridge or Amsterdam offices (formerly DANTE and TERENA); GÉANT Association member organisations (associates and national or representative members)

• National or continental research and education networking organisations from outside Europe

• Individuals who participate in one or more GÉANT Association task force(s) or other GÉANT activities, whether by attending meetings or simply being on the mailing list

• Other individuals who have registered to attend TNC15.

A maximum of two submissions perperson will be accepted; if morenominations are submitted, only the firsttwo will be taken into account. Pleaseremember to clear your browser’s cachememory before submitting a secondnomination.

HHOOWW TTOO SSUUBBMMIITTNNOOMMIINNAATTIIOONNSSNominations can be submitted using the online nomination form athhttttppss::////wwwwww..ssuurrvveeyymmoonnkkeeyy..ccoomm//ss//99GG33KK33PPGG.

BBAACCKKGGRROOUUNNDDIINNFFOORRMMAATTIIOONNSince 2012, TNC has been the placewhere public recognition has been givento members of the research andeducation networking community fortheir contributions to the development ofrelevant technologies and services or tocollaborative community activities. Theseawards were introduced by TERENA(now the Amsterdam office of GÉANT)and received sponsorship from theGÉANT Project (managed by theCambridge office of GÉANT, formerlyDANTE) for the first time in 2014. Thissponsorship primarily coversadministrative costs and allows greatercommunity say in the selection processby providing a judging procedure and anomination system that invitesnominations from and about people inEurope and other world regions.

Nominations are invited for the2015 research and educationnetworking CommunityAwards. These awards are

intended to show gratitude and respectto teams or individuals who have sharedtheir ideas, expertise and time with thecommunity, often voluntarily and throughgood will. Up to three nominees may beselected by a panel of judges from theGÉANT community. The winner(s) will bepresented with a small personal gift onThursday 18 June during the closingplenary session of the 2015 NetworkingConference (TNC15) in Porto, Portugal.Nominations can be submitted onlineuntil midnight on 29 March.

The nomination procedure that wasintroduced and proved successful in2014 has been slightly improved for thisyear, with fewer questions on thesubmissions form and a longer period inwhich to nominate candidates

WWHHOO CCAANN BBEENNOOMMIINNAATTEEDD??Nominees should meet one or more ofthe following criteria:

• Has shared an idea with the community that developed into something significant such as a well-used tool or service

If you have any queries, pleasecontact: pprr@@tteerreennaa..oorrgg

Information about past CommunityAward winners can be found at:hhttttppss::////wwwwww..tteerreennaa..oorrgg//aabboouutt//ppeeooppllee//aawwaarrddss//iinnddeexx..pphhpp

Picture2014 awards:from left to right,ValentinoCavalli, StefanWinter (winner),Dorte Olesenand Jan Meijer(winner)

https://www.terena.org/about/people/awards/index.php

https://www.terena.org/about/people/awards/index.php

https://www.surveymonkey.com/s/9G3K3PG

https://www.surveymonkey.com/s/9G3K3PG


CONNECT NEWS

GGÉÉAANNTT AACCCCEELLEERRAATTEESS EEUURROOPPEEAANN EE--IINNFFRRAASSTTRRUUCCTTUURREEAANNDD EEAARRTTHH SSCCIIEENNCCEESS PPAARRTTNNEERRSSHHIIPPSSWWOORRKKSSHHOOPP OOPPEENNSS DDOOOORR TTOO BBEETTTTEERR CCOOLLLLAABBOORRAATTIIOONN

• To develop and deepen a two-way dialogue so users are aware of the many e-infrastructure services and applications that can assist them in their work

With help from EIDA (EuropeanIntegrated Data Archive), EPOS(European Plate Observing System) andKNMI (Royal Netherlands MeteorologicalInstitute), the workshop addressedcurrent topics of interest to the EarthScience community, such as IdentityManagement, AAI and eduGAIN; datamanagement and computing and cloudservices.

Key decision makers and scientistswere represented from across thecommunity, including: The British

Geological Survey, satellite data(COPERNICUS), Solid Earth Scienceand computational seismology andclimate organisations.

BBEENNEEFFIITTSS AANNDDOOUUTTCCOOMMEESSUsers took away a much clearer view of the services available to them throughe-infrastructures. Likewise, the e-infrastructures now have a betterunderstanding of how Earth Sciencesusers and associated projects andinfrastructures work - and the issuesthey face.

WWHHYY GGÉÉAANNTT??GÉANT is a flagship Europeane-Infrastructure, key to keeping Europeat the forefront of the global researchrace. To do this, e-infrastructures mustbe supported. As the essential buildingblocks for Europe’s Earth Sciencecommunity, they enable the circulation of knowledge and the shared use ofimportant ICT tools and resources.

The GÉANT project is well positionedto coordinate knowledge exchangebetween other e-infrastructures and theirusers. The workshop brings them onestep closer to better supporting globalresearch collaborations through aseamless, open space for onlineresearch.

As a result of the meeting, solid, co-ordinated actions, including deeperinvestigations in to data managementand Cloud Services are alreadyunderway, with plans to further fostercollaboration and communicationbetween participants.

On 22 and 23 January this year,GÉANT - in collaboration withEuropean e-infrastructuresEGI, PRACE and EUDAT -

organised a knowledge-sharingworkshop to increase dialogue with theEarth Sciences community.

The workshop, held in Amsterdam,brought together key Earth Sciencesusers and research infrastructuresdedicated to solving some of mankind’smost pressing issues.

The objective was two-fold.

• To better understand the requirements of the Earth Science community so that e-infrastructures can stay one step ahead of their needs.

05

CONNECT NEWS

CCAATTHHRRIINN SSTTÖÖVVEERRAANNNNOOUUNNCCEEDD AASS FFIINNAALLIISSTTIINN TTHHEE 22001155 FFDDMMEEVVEERRYYWWOOMMAANN IINNTTEECCHHNNOOLLOOGGYY AAWWAARRDDSS

supporting women, but who can alsoact as powerful role models. The GÉANTproject offers an excellent platform topromote women in technology. Cathrin’srole very tangibly shows the value acareer in IT can deliver to women, and tosociety as a whole, and this is a keydriver in inspiring women into the sector.

Cathrin was selected after a rigorousinterview process, during which she wasevaluated by a panel of high profiletechnologists from across industry. Shejoins a strong category including seniorexecs from American Express, VMwareInternational and Credit Suisse AGE.

The winner will be announced inLondon on 17th March. Find out moreat wwwwww..eevveerryywwoommaann..ccoomm

Cathrin is one of four finalists to be announced in theInternational Leader of theYear category in the

prestigious 2015 FDM everywoman inTechnology Awards.

As Chief International Relations andCommunications Officer, Cathrin wasnominated for her work supporting theglobal connectivity of GÉANT. Throughthis she is both supporting women andinspiring them – by delivering digitalopportunities to a worldwide audience.

“Before you light a fibre, or set downa single line of code, you have tonetwork people. This is what Cathrindoes.” Ann Harding, GÉANT ActivityLeader.

The award calls for people who candemonstrate not only that their work is

WWHHYY TTHHEEAAWWAARRDDSS??The British tech industry isthriving, predicted to be worth£221bn by 2016. As a result itis estimated that by 2022 theUK will need at least 1.82million new engineering,science and technologyprofessionals.

Advances in technologyhave created a huge variety offascinating new careers frommobile technology to energyrequirements. Yet despite this,only one in 20 IT job applicantsis female according to half oftech employers.

The reasons for this arevaried, but unhelpfulstereotypes and low take up ofSTEM subjects in schools areregularly cited as reasons whythe industry lacks genderdiversity.

The tech industry is cryingout for fresh talent with nearlyhalf of all technology firmsseeking to hire more staff.

Research shows that rolemodels and opportunities tonetwork are key to counteringthis talent deficit and the FFDDMMeevveerryywwoommaann iinn TTeecchhnnoollooggyyAAwwaarrddss is the industry’s mostinfluential programme that bothcelebrates and inspires.

https://www.everywoman.com/techawards15



www.everywoman.com

USERS

QQ&&AA WWIITTHH BBAARRBBAARRAA JJ.. RRYYAANN


USERS

Barbara J. Ryan is SecretariatDirector of the intergovernmentalGroup on Earth Observations (GEO) in Geneva, Switzerland. Barbara leads the Secretariat in coordinating theactivities of 96 Member States, the EuropeanCommission and 89 Participating Organisations.Together they are striving to integrate Earthobservations into decision making across nine societalbenefit areas: agriculture, biodiversity, climate,ecosystems, energy, disasters, health, water andweather.

GÉANT is a Participating Organization in GEO, recentlypublishing a report on how research and educationnetworks can support the EO community as part of theproject’s ongoing contribution. GÉANT’s key role is inthe establishment of a worldwide communicationsnetwork; engaging with European Earth Observationsinfrastructures and collaborations to assess technicaland user requirements.

CONNECT spoke to Barbara about the GEO initiative,its challenges, and her ambitious vision for the future.

LLEETT’’SS SSTTAARRTT WWIITTHH SSOOMMEEBBAACCKKGGRROOUUNNDD……The GEO Secretariat comprises about20 people. Five or six of us are oncontracts and the remainder aretechnical experts seconded for one tothree years from Member governmentagencies and Participating Organizations(POs). We’re small, and very thankful tothe Members and POs for sending ustheir people.

GEO was initiated following theWorld Summit on SustainableDevelopment in 2002. Industrialisednations came together and said, ‘Whydon’t we have a better overview of theenvironmental challenges facing oursociety? We see the benefit ofcoordinated Earth observations.Countries need to come together - giveus a better picture of the globalsituation’.

This is what GEO is now doing. Theproject coordinates the establishment ofa Global Earth Observation System ofSystems (GEOSS), as part of a 10-yearimplementation plan (2005 – 2015).

In addition to our 97 Members and89 Participating Organisations, last yearwe began engaging with the privatesector. All are coming together in thiscollaborative platform with one commonpurpose: to ensure coordinated Earthobservations are better used in policydecisions.

07


USERS

HHOOWW DDOO YYOOUU SSEEEE GGEEOO IINNTTHHEE FFUUTTUURREE??We’re interested in how our partnersorganise their communities and how wecan leverage the work they are alreadydoing. In the first half of GEO’s firstdecade, we were trying to get a handleon the community, finding every data setand getting it registered to GEO. But thefact is, we don’t have to track all thatwork!

Instead, we have started to rely onour partners to bring their ownecosystems to the table. So when I thinkabout the future, it’s really aboutleveraging the work everybody is alreadydoing and placing a much heavierreliance on organisations for theircoordination abilities. GÉANT forinstance is doing a lot of coordination. Iwant to understand how we can bettertap into that.

It’s also about recognising we allhave our individual strengths andweaknesses. Asking ourselves: how canthe strengths of one shore up theweakness of another?

When we adapted something calleda Discovery and Access broker (DAB) -we started entering into interoperabilityagreements with institutions to make iteasier for users to discover and accessdata.

For instance, WMO (WorldMeteorological Organisation) has aninformation system contributed bymember countries. So, rather than usgetting those countries to register theirdata in our system, we thought: whydon’t we just do an interoperabilityagreement and make sure all data isdiscoverable and accessible through our

WWHHAATT AARREE YYOOUURROOBBJJEECCTTIIVVEESS?? To proactively link the many existing andplanned Earth observation systemsaround the world and support thedevelopment of new systems. This willprovide decision-support tools to a widevariety of users and we need to makesure they’re used in tackling the majorissues. How we do that is by advancingbroad open data policies, buildingcapacity all over the world - not justdeveloped countries, and advocatingsustained observation of the Earth.

WWHHAATT AARREE YYOOUURR BBIIGGGGEESSTTCCHHAALLLLEENNGGEESS?? The challenges we face are many. Forinstance, getting countries to want towork together; getting organisations torecognise that no single country ororganisation can do everything, and thatwe are stronger working together thanindividually; creating a mutualunderstanding that the whole is so muchmore than the sum of the parts.

There are also declining financialresources across the globe andeveryone is under tremendous financialpressure. Recognising that workingtogether to leverage each other’sresources is critical to our success iskey. Sometimes organisations don’t seethat right off the bat.

Then there are the technologicalchallenges. Though in some ways theseare easier to deal with! GÉANT is in agreat position to help us. You are acritical link that provides commonalitybetween all the other ParticipatingOrganisations in Europe.

system? Because of this, users are nowgetting access to WMO data they didn’tknow existed and vice versa. It’s a realwin-win situation.

That’s just on the infrastructure side.But I think the same thing can happenon the coordination side. How can wedo interoperability agreements with ourpartners to leverage work they arealready doing, rather than us trying toaccount for every last piece of it?

Our strength is in this convenient,active platform with the convening abilityto bring governments, private sector andother partners together in a communitynot mandated by anyone.

WWHHAATT DDOO YYOOUU SSEEEE AASS TTHHEEMMAAIINN VVAALLUUEE OOFF RREESSEEAARRCCHHNNEETTWWOORRKKSS SSUUCCHH AASSGGÉÉAANNTT?? It would be leveraging those researchnetworks and exposing the researchnetworks that we have, just like in theWMO example. Clearly all your ownpartners know about them, but whatabout those people within our network,who don’t? That’s where the win-winwould occur, because more exposurewould be coming to our partners andour partners would be exposed to yournetwork who might not know it existedbefore.

IISS IITT JJUUSSTT AABBOOUUTTCCOONNNNEECCTTIIVVIITTYY?? WWHHAATTEELLSSEE DDOO YYOOUURR UUSSEERRSSNNEEEEDD?? Connectivity really is core for us.Whether it’s connecting data resources,existing infrastructures and systems, or

09

USERS

whether it’s connecting communities -that really is our primary motivation.When we think about services andapplications, we certainly see them asimportant, but we see those asdownstream. We think they will occurnaturally in the ecosystem when peoplecan get access to the upstreamelements. So, whether it’s theuniversities or the private sector comingin, we really do think value-addedproducts and services will be generated,but the connectivity to make sure peopleknow about it, is what’s going to bemost important.

Issues of security, trust and identityare also vitally important, however GEO’smain focus has to be on connecting ourpartners and encouraging them to sharedata sets. We expect the network tolook after itself, so it’s invaluable to havea partner such as GÉANT to whom wecan entrust the movement and securityof data, as well as trusted access to it.

WWHHAATT WWOOUULLDD YYOOUU LLIIKKEE TTOOSSEEEE FFRROOMM TTHHEE GGLLOOBBAALLRREESSEEAARRCCHH CCOOMMMMUUNNIITTYY?? In each of our societal benefit areasthere are certainly specific needs. We’rehappy to call them gaps. We could go inand identify those specific areas, but let’sbring it up a notch. Let’s look at it acrossthe entire area. What I’d like to see is awillingness to partner internationally; toexpose some of the work people aredoing to a broader audience, so that wecould see more internationalcollaboration.

Lastly, a willingness by our partnersand contributors to describe their workin a way that policy makers might better

understand. GEO needs to focus moreof its attention on the ‘so what’questions. Why is this important? Thatoften requires someone from acommunications perspective to getinvolved to translate and highlight thisimportant work.

In a way it takes us back to theconnectivity theme. It’s connectingpeople in the research domain withcommunications teams that aregenerally a lot better at translating theimportance of that work for differentaudiences.

AANNYYTTHHIINNGG EELLSSEE YYOOUU’’DDLLIIKKEE TTOO AADDDD??GEO is making great progress and theenergy is palpable. We’re tapping in to it- but more needs to be done. We needto see more countries and organisationsadopt broad open data policies andpractices. I’m optimistic, but there arestill many challenges and opportunities.

I’d also like to applaud the GÉANTcommunity and the work you are doing.Your website is very clear, verycomprehensive. You face many of thesame challenges that we do. If wecould leverage this to make sure ourrespective communities are workingmore closely together we wouldwelcome that.

Read more about GEO:hhttttppss::////wwwwww..eeaarrtthhoobbsseerrvvaattiioonnss..oorrgg//iinnddeexx..pphhpp

GEO was set up to coordinate international effortsto build a Global Earth Observation System ofSystems (GEOSS). It links existing andplanned Earth observation systems and supportsthe development of new ones.

The cross-cutting approach of GEOSS avoidsunnecessary duplication, encourages synergiesamong systems and ensures substantial economic,societal and environmental benefits. For instance:

• Forecasting meningitis outbreaks• Protecting biodiversity• Improving climate observations in Africa• Supporting disaster management in Central

and South America• Managing water resources in Asia• Promoting solar energy• Improving agriculture and fisheries

management• Mapping and classifying ecosystems

https://www.earthobservations.org/index.php

https://www.earthobservations.org/index.php

SSPPEECCIIAALL FFOOCCUUSSGGÉÉAANNTT’’SS FFIIRRSSTT OOPPEENN CCAALLLL

TTHHEE NNEEEEDD FFOORR IINNNNOOVVAATTIIOONN The Internet and the World Wide Web have their origins in the researchand education (R&E) networking environment, and as a community wecan be proud of that. However whilst the success of the Web hasattracted enormous investment, R&E funding for research has beenheavily out-spent by commercial new technology start-ups.

Network operators face a range of disruptive new technologies thathave come out of the technology start-up culture. The rise of networkingon mobile devices, the explosion of social networking and cloudcomputing are just some examples. Further, the move towards streamingof HD video and the rapid expansion of ‘big data’ challenge networks withwhat has been termed a ‘data deluge’. The R&E networking world is noexception and accordingly this rapidly evolving technology environmentand the service expectations of our user community are placing greaterdemands than ever on research networks. All of these challenges requirea fresh look at how networks are delivered and managed.

A key remit for National Research and Education Networks (NRENs) isto stay at the forefront of ICT innovation. NRENs need to be generators ofinnovative new ideas and technologies and early adopters. It has becomeincreasingly difficult for NRENs to embrace this at the same time asmanaging a wider portfolio of services and networks which have evolvedto the point where they are now essential parts of the ICT infrastructuresupporting the European Research Area.

Therefore R&E networks are increasingly feeling the consequences offunding constraints and are often faced with difficult decisions as to howmuch of their valuable people resource they put into the day-to-dayprovision of high quality production network services versus how muchthey assign for creating innovation in networking.

OPEN CALL


Welcome to this special section of CONNECT, in which wefocus on the results of the first GÉANT Open Call initiative andexamine how, as part of the GÉANT Innovation Programme,these projects and their respective Joint Research Activities(JRAs) are driving innovation in several key areas. Open Callproject partners were invited to submit brief technical papers,which have been reproduced in the following pages toprovide a snapshot of the innovative work being funded by GÉANT.

We asked Dr Michael Enrico, Technical Coordinator for theGÉANT Project, and Annabel Grant, Coordinator of the Open Call initiative to give some context.

MICHAEL ENRICO – TECHNICAL COORDINATOR

“The e-infrastructure known as GÉANT (the combination of theNRENs and the GÉANT network backbone) has become missioncritical to the research and education user community all overEurope. The survival of GÉANT is dependent on our ability tocontinue innovating.”

WWHHAATT IISS AANNOOPPEENN CCAALLLL??An Open Call is an EC-funded process to enable a fully transparentevaluation and selection of projects. As part of the GÉANTInnovation Programme, the Open Call initiative has been used toenhance and complement the existing research performed inGÉANT, bringing in fresh ideas and supporting new and innovativeuses of the network. There are 21 projects within the GÉANT OpenCall initiative – each aligned to one of the GÉANT joint researchactivities. Open Call projects sit within one of four subject areas:

• Applications and Tools – supporting advanced research activities and projects.

• Authentication – helping support secure end-to-end authentication of systems and people.

• Network Architecture and Optical Projects – studying future networking systems.

• SDN - exploring Software Defined Networking potential to meet new networking demands.

OPEN CALL

OOPPEENN CCAALLLL HHOOTT TTOOPPIICCSSSSOOFFTTWWAARREE DDEEFFIINNEEDD NNEETTWWOORRKKIINNGG ((SSDDNN))Broadly the SDN concept moves the control plane out of routersand switches and into a centralised application, allowing softwaredevelopers to create new applications to control the network thatare no-longer tied to slow-moving networking protocol standards,and enabling the rapid development cycles seen in softwareapplications to be applied to the network. This has been madepossible by the introduction of Application Programming Interfaces(APIs) which allows applications to control the network layer, typicallyforwarding engines in routers. Several of the Open Call projects areactively researching new innovations in SDN controllers to solve arange of networking challenges.

FFEEDDEERRAATTEEDD AAUUTTHHEENNTTIICCAATTIIOONN IINNFFRRAASSTTRRUUCCTTUURREESSThe proliferation of web-based services has resulted in usersneeding to record dozens of passwords, and federatedauthentication is an area where the R&E community continues tolead the way with eduGAIN, proving an important tool in supportinga seamless federated identity system for Universities and otherinstitutions. Open Call projects are looking at ways to enhance theR&E community’s identity federation infrastructure.

LICIA FLORIO – IDENTITY AND TRUSTTECHNOLOGIES“For me, the added value of the Open Calls is twofold: first to enable organisations, not always closely affiliated with the NRENs, to participate and second to havea clear focus on a technical topic and carry out in-depth research - even if this is on a cutting edge topic. This has been somethingthat has been difficult for us to achieve in the past”.

TONY BREACH – NETWORK ARCHITECTURES FOR HORIZON 2020“Our engagement with the IRINA Open Call project has brought a new level of research innovation to GÉANT. Furthermore, we are excited about research within Open Call projects that brings us closer to the ideal ofzero-touch network access.”

AFRODITE SEVASTI – TECHNOLOGY TESTING FOR SPECIFIC SERVICE APPLICATIONS“Several of the Open Call projects are making use of the GÉANT OpenFlow Facility (GOFF). Bringing together theGOFF and the Open Call research experts has facilitated novel SDNresearch. The strong two way exchange between JRA2 participantsand the Open Flow SDN researchers has been very fruitful for allpartners. For example, the JRA2 Subject Matter Experts have beenable to work closely with the CEOVDS team to engineer specializedGOFF capabilities to meet their requirements.”

GGÉÉAANNTT IINNNNOOVVAATTIIOONN PPRROOGGRRAAMMMMEEIt was into this environment that GÉANT launched its InnovationProgramme – an umbrella programme and a funding mechanism toprovide a way for the wider community to pool resources and collaborateon the researching and developing of innovative technologies thataddress the future needs of the community and its users.

The programme consists of the R&D work carried out within theGÉANT project by participants in the Joint Research Activities (JRAs);Task-Forces and Special Interest Groups which include experts fromoutside the project; and the GÉANT Open Call projects.

AANN OOVVEERRSSUUBBSSCCRRIIBBEEDD SSUUCCCCEESSSS The first GÉANT Open Call was launched in April 2013 utilising €3.3million of funding from the EC Framework 7 programme to enable and support:

• new users and use cases for GÉANT project facilities (for example, testbeds)

• researchers working with GÉANT to undertake specific pieces of R&D work

• the future evolution of Research & Education networking

The call was highly oversubscribed with a total of 70 project proposalsreceived across 18 topic areas. Following a rigorous evaluation processby a panel of independent academic and industrial researchers, 21innovative projects were selected for funding and a total of 30 newpartners from across Europe joined the GÉANT project consortium.

Indeed, the Open Call projects are in many cases closely tied into thework done in the JRAs and the technical coordination of these Open Callprojects comes from within the JRAs. In several cases the Open Callprojects are undertaking packages of R&D that have been specificallyrequested by the JRAs.

The funding supports these projects in their cutting edge researchinto advanced networking technologies, in turn paving the way to thenext generation of services, applications and uses for networking andthereby supporting the aims of Horizon 2020 and the challenges of the data deluge.

It is expected that more than 20 papers will be published in peerreviewed journals as a direct result of the first GÉANT Open Call. We seethis as a big step forward for innovation in GÉANT and we are verypleased with the research that has been delivered during the last twoyears of the GÉANT project through the Open Call initiative. We hope thisspecial focus provides a brief snapshot of this innovative work, the effects of which we may come to see in the near future.

OOPPEENN CCAALLLL:: AADDDDIINNGG VVAALLUUEE TTOO TTHHEE GGÉÉAANNTT PPRROOJJEECCTT

11

For more information on GÉANT Open Call seewwwwww..ggeeaanntt..nneett//ooppeennccaallll

CCLLAASSSSeeCCLLOOUUDD--AABBFFAABB FFEEDDEERRAATTIIOONN SSEERRVVIICCEESS IINN EEDDUURROOAAMM

AAbbssttrraacctt——TToo iinnvveessttiiggaattee tthhee uussee ooff AApppplliiccaattiioonn BBrriiddggiinngg ffoorrFFeeddeerraatteedd AAcccceessss BBeeyyoonndd wweebb ((AABBFFAABB)) tteecchhnnoollooggyy ffoorr CClloouuddsseerrvviicceess aanndd VVOO mmaannaaggeemmeenntt..

IInnddeexx TTeerrmmss——CClloouudd,, AABBFFAABB,, iiddeennttiittyy,, SSSSOO,, VVOO

II.. IINNTTRROODDUUCCTTIIOONNGN3plus open call CLASSe [1] aims to improve user experience whenaccessing Cloud services over the GÉANT network, integrating ABFABtechnology [2] with OpenStack [3] to provide federated, authenticatedand authorized access based on the existing AAA eduroaminfrastructure. Additionally, CLASSe improves this access in twodirections. First, enabling real Single Sign-On (SSO) to provide quickaccess to Cloud services based on previous authentications (cloud-to-cloud and network-to-cloud SSO). Second, designing solutionsto support the dynamic formation of Virtual Organisations (VOs), so thatany user will be able to form their own VOs for access to their ownprivate Cloud.

IIII.. AABBFFAABB AANNDD OOPPEENNSSTTAACCKK AANNDD SSSSOOABFAB proposes a new GSS-API mechanism based on the ExtensibleAuthentication Protocol (EAP) named GSS-EAP [4]. It allows theauthentication of the application client using a deployed AAAinfrastructure, providing the application server with the outcome of theprocess and a SAML [5] assertion containing the client’s identityinformation used for authorization. CLASSe has integrated ABFABtechnology in the OpenStack Keystone module. In this manner, if userAlice has credentials in the eduroam infrastructure [7], she can potentiallyaccess any OpenStack cloud service provided by any other Institution inthe federation (1).

However, one of the problems of ABFAB integration in cloud accessis that it must be performed via a lengthy authentication process eachtime the user tries to access the cloud. Moreover, it implies that the usermust re-introduce his long-term credentials for each access request.

Let us imagine that Alice, belonging to Institution-A, has successfullyauthenticated to access the network at Institution-B, through eduroam(1), using her long-term credentials. Afterwards, Alice decides to accessCloudProv1 in Institution-B. This second access (2) should not requireAlice to introduce her credentials again (network-to-cloud SSO).Moreover, Bob, belonging to Institution-A, has been successfullyauthenticated and authorized to access CloudProv2 in Institution-C (3) bymeans of ABFAB, using his credentials. When Bob access toCloudProv1 in Institution-B, this second access (4) should not require himto introduce his credentials again (cloud-to-cloud SSO).

In order to provide real SSO, CLASSe proposes to extend ABFAB toinclude support for ERP (EAP Reauthentication Protocol) [8]. This allowsone round-trip authentication in a straightforward way, providing animproved performance and resource utilisation. By means of caching, it isalso compatible with the authorisation process carried out in ABFAB.

OPEN CALL – AUTHENTICATION

Alejandro Pérez-Méndez, Rafael Marín-Lopéz and Gabriel López-MillánUniversity of Murcia(alex, rafa, gabilm) @um.es

David W. ChadwickUniversity of [email protected]


IIIIII.. VVIIRRTTUUAALL OORRGGAANNIIZZAATTIIOONNSSOnce users are able to easily and securely access cloud services viaeduroam, the next thing they need to do, is authorize their colleagues toaccess their cloud services. In ABFAB, authorization is carried out viaSAML assertions sent by the user’s Identity Provider (IdP) to the cloudservice. The assertion provides the user’s identity attributes such as thosedefined in eduPerson [9]. These are typically stored in or derived from theuser’s entry in the IdP’s LDAP database. Herein lies a problem. Users arenot allowed to alter their LDAP entries, and therefore they cannot changethe identity attributes that their IdP asserts. So how are users able toauthorize each other to access their cloud services, so that differentusers have different access rights? The solution used by grids is theVirtual Organisation (VO) [10] in which different users have different VOroles. Since OpenStack already uses Role Based Access Controls(RBAC) then this fits perfectly with VOs. We have implemented the abilityfor a user, who is the administrator of his own cloud resource (i.e. atenant) to invite other users to join his VO in a particular role, and to givethese VO roles different access rights to his cloud resources. In this way,users are able to authorize each other to access their cloud resources indifferent ways, without needing to change their IdP’s configuration.

IIVV.. OOUUTTPPUUTTSS AANNDD FFUUTTUURREE WWOORRKKTo achieve the aforementioned objectives, CLASSe is working closelywith standardization and open-source groups. Regarding ABFAB andSSO, we are collaborating with the ABFAB and RADEXT IETF’s WGs.Regarding VOs, we are deeply involved in the OpenStack Keystoneworking group. Our work on federation means that support forABFAB/Moonshot will be built into the Kilo core release of OpenStack,whereas support for VOs is likely to be an easily supported extension.


AACCKKNNOOWWLLEEDDGGMMEENNTTThis work is supported by the GN3plus Project 605243. Authors thankthe Funding Program for Research Groups of Excellence with code04552/GERM/06 granted by the Fundación Séneca.

RREEFFEERREENNCCEESS[1] CLASSe project: hhttttpp::////wwwwww..uumm..eess//ccllaassssee[2] IETF ABFAB Working Group:

hhttttppss::////ddaattaattrraacckkeerr..iieettff..oorrgg//wwgg//aabbffaabb//cchhaarrtteerr/[3] OpenStack, hhttttpp::////wwwwww..ooppeennssttaacckk..oorrgg[4] S. Hartman and J. Howlett. A GSS-API Mechanism for the

Extensible Authentication Protocol. IETF RFC 7055, December 2013.

[5] S. Cantor, J. Kemp, R. Philpott, and E. Maler (Eds.). Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) v2.0, March 2005.

[6] The Moonshot Project. hhttttppss::////ccoommmmuunniittyy..jjaa..nneett//ggrroouuppss//mmoooonnsshhoott[7] eduroam (education roaming), url: hhttttpp::////wwwwww..eedduurrooaamm..oorrgg[8] Z. Cao, B. He, Y. Shi, Q. Wu, G. Zorn. EAP Extensions for the EAP

Re-authentication Protocol (ERP). IETF RFC 6696. July 2012.[9] hhttttppss::////wwwwww..iinntteerrnneett22..eedduu//mmeeddiiaa//mmeeddiiaalliibbrraarryy//22001133//0099//0044//

iinntteerrnneett22--mmaaccee--ddiirr--eedduuppeerrssoonn--220011220033..hhttmmll[10] Alfieri, R., Cecchini, R., Ciaschini, V., Dell'Agnello, L., Frohner, A.,

Lorentey, K., Spataro, F., “From gridmap-file to VOMS: managing authorization in a Grid environment”. Future Generation Computer Systems. Vol. 21, no. 4, pp. 549-558. Apr. 2005

Figure . ABFAB integration with OpenStack

13


https://www.internet2.edu/media/medialibrary/2013/09/04/internet2-mace-dir-eduperson-201203.html

https://www.internet2.edu/media/medialibrary/2013/09/04/internet2-mace-dir-eduperson-201203.html

http://www.eduroam.org

https://community.ja.net/groups/moonshot

http://www.openstack.org

https://datatracker.ietf.org/wg/abfab/charter/

http://www.um.es/classe


AAbbssttrraacctt——II.. HHiigghheerr EEdduuccaattiioonn EExxtteerrnnaall AAttttrriibbuuttee AAuutthhoorriittyy((HHEEXXAAAA)) iiss aann aattttrriibbuuttee aauutthhoorriittyy tthhaatt iiss ddeessiiggnneedd aannddiimmpplleemmeenntteedd ffoorr tthhee iinntteerrnnaattiioonnaall rreesseeaarrcchh aanndd eedduuccaattiioonnccoommmmuunniittyy.. HHEEXXAAAA ccaann bbee uusseedd aass aa sseerrvviiccee ddeeppllooyyeedd ffoorr aavvaarriieettyy ooff ccoommmmuunniittiieess,, aass aa nnaattiioonnaall sseerrvviiccee oorr aass aa sseerrvviiccee aatteedduuGGAAIINN lleevveell.. HHEEXXAAAA pprroovviiddeess vviirrttuuaall oorrggaanniizzaattiioonnmmaannaaggeemmeenntt ffoorr SSAAMMLL22--bbaasseedd iiddeennttiittyy ffeeddeerraattiioonnss.. IIttssuuppppoorrttss vveerryy ffiinnee--ggrraaiinneedd rroollee--bbaasseedd aacccceessss ccoonnttrrooll ttoosseerrvviicceess wwiitthh ddeelleeggaatteedd mmaannaaggeemmeenntt.. OOnnee ooff tthhee uunniiqquueeffeeaattuurreess ooff HHEEXXAAAA iiss tthhee ssuuppppoorrtt ooff uusseerr pprrooffiillee mmaannaaggeemmeenntt,,aanndd tthhee eeaassee wwiitthh wwhhiicchh uusseerrss ccaann mmaannaaggee tthheeiirr ccoonnsseenntt ttoorreelleeaassee ooff aattttrriibbuutteess.. HHEEXXAAAA’’ss bbaacckkeenndd hhaass aa wweellll--ddeeffiinneedd AAPPIIttoo ssttrreeaammlliinnee iinntteeggrraattiioonn wwiitthh lleeggaaccyy oorr ccuussttoomm eennvviirroonnmmeennttss..TThhee ssooffttwwaarree ccoommppoonneennttss ooff HHEEXXAAAA aarree aavvaaiillaabbllee oonn GGIITTHHUUBBaass ““hheexxaaaapprroojjeecctt””..

IInnddeexx TTeerrmmss——SSAAMMLL,, iiddeennttiittyy ffeeddeerraattiioonn,, aattttrriibbuuttee aauutthhoorriittyy,,ggrroouupp mmaannaaggeemmeenntt,, aauutthhoorriizzaattiioonn

II.. IINNTTRROODDUUCCTTIIOONNInstitutional access control traditionally relies on centralized, in-houseauthentication and authorization backend systems. SAML-based identityfederations have successfully extended institutional authentication toservices that can be shared between organizations. Several studies [1]have shown that simple federated authentication is far from sufficient fortypical research communities. They need information that is relevant to aperson’s role within the community rather than to organizational identity;therefore, this information should not be managed and provided by eitherthe home organization or by the Identity Provider (IdP). Whilecommunities still want to rely on home organizations for authentication,identity federations are typically extended by deploying external attributeproviders.

IIII.. FFEEAATTUURREESS AANNDD DDEETTAAIILLSSHEXAA is designed to be lightweight, flexible and easy to use. In thissense, our aim is to replicate the success of simpleSAMLphp [2]. It iswritten in PHP and uses simpleSAMLphp for implementing its SAMLAttribute Query [3] Interface, while it relies on Symfony [4] and AngularJS[5] to implement its web interface. HEXAA is intended to be acomplementary, easy-to-manage tool for federations.

A key feature of HEXAA is that it enables storage and release ofprofile attributes. While most virtual organization software assumes thatall profile data are released by the IdPs and only group information has tobe communicated on top of these, in HEXAA an arbitrary number of userattributes can be managed. This is very helpful in an environment whereIdPs are only releasing basic information.

HEXAA is very flexible in handling group information. In HEXAA,everyone can create any number of virtual organizations, with an arbitraryscheme of roles within these. The services are able to define preciselywhich users and virtual organizations are allowed to release attributevalues and authoritative information to them.

The HEXAA core, the main component of the system, implements anAPI that makes all of HEXAA’s functionality accessible. The HEXAA GUIrelies solely on this API, so new custom interfaces can be created as areplacement of HEXAA default UI. The API implements functions tohandle level of assurance (LoA) of attributes and provide it to serviceproviders.


Kristóf BajnokNIIFBudapest, [email protected]

Mihály Héder, Zsuzsanna Magyar, István TétényiMTA SZTAKIBudapest, [email protected], [email protected],[email protected]

HHEEXXAAAA:: HHIIGGHHEERR EEDDUUCCAATTIIOONN EEXXTTEERRNNAALLAATTTTRRIIBBUUTTEE AAUUTTHHOORRIITTYYAATTTTRRIIBBUUTTEESS FFOORR CCOOMMMMUUNNIITTIIEESS

15

IIIIII.. IINNTTEEGGRRAATTEEDD AAPPPPLLIICCAATTIIOONNSS AANNDDOOPPEERRAATTIIOONNAALL SSTTAATTUUSSWe have integrated a number of applications with HEXAA. Drupal [9], theportal system, is able to use profile and group information from HEXAA.Similarly Liferay [6] and the WS-Pgrade / GUSE portal [7] are integrated.HEXAA also supports MediaWiki, pydio [10] and others. The OpenNebulacloud frontend [8] has long been supported with HEXAA and OpenStackHEXAA integration is being implemented. The High PerformanceComputing portal of NIIFI uses the API interface of HEXAA and, for POPinventory management Racktables has already been integrated withHEXAA.

HEXAA runs as a production service in the EduID.hu Federation andit can be integrated into eduGAIN trivially. The HEXAA software [12] isopen source, so an international research community can decidewhether to implement their own instance or use HEXAA as an eduGAINvirtual organization platform.

IIVV.. HHEEXXAAAA IINN CCOONNTTEEXXTTIn compliance with EU privacy principles, the user can control whichinformation can be released to which services. When HEXAA wasdesigned, the legal aspects, including the TERENA Code of Conduct[15], were analyzed in order to be fully aware of the legal requirements forexternal attribute authorities. Since then, several cross-checks have beenmade all the way down to the level of database fields to fine tune theimplemented code so that it fully conforms to the legal framework.

Collaboration of attribute authorities is a terra incognita, though thevery first steps have been taken with PERUN [11], Unity [13], andOpenConext [14].


VV.. CCOONNCCLLUUSSIIOONNSSWe have been using HEXAA at EduID.hu with great success. Theanalysis of use-cases, legal environment and real world requirementsproved to be a good foundation for the project. The HEXAA team ishappy to share the results of this GN3plus project with similar efforts witha broader community.

RREEFFEERREENNCCEESS[1] Federated Identity Management for Research Collaborations

Author(s) Broeder, Daan (MPI) ; Jones, Bob (CERN) ; Kelsey, David (STFC) ; Kershaw, Philip (STFC) ; Lüders, Stefan (CERN) ; Lyall, Andrew (EBI) ; Nyrönen, Tommi (CSC) ; Wartel, Romain (CERN) ; Weyer, Heinz J (PSI, Villigen) Imprint 23 Apr 2012. - 17 p. /CERN-OPEN-2012-006/

[2] hhttttppss::////ssiimmpplleessaammllpphhpp..oorrgg//[3] hhttttpp::////eenn..wwiikkiippeeddiiaa..oorrgg//wwiikkii//SSAAMMLL__22..00##SSAAMMLL__AAttttrriibbuuttee__QQuueerryy[4] hhttttpp::////ssyymmffoonnyy..ccoomm//[5] hhttttppss::////aanngguullaarrjjss..oorrgg//[6] hhttttppss::////ggiitthhuubb..ccoomm//mmhheeddeerr//lliiffeerraayy--sshhiibbbboolleetthh--pplluuggiinn[7] hhttttpp::////gguussee..hhuu//aabboouutt//aarrcchhiitteeccttuurree//wwss--ppggrraaddee[8] hhttttppss::////ggiitthhuubb..ccoomm//bbuurrggoosszz//ooppeennnneebbuullaa--ssuunnssttoonnee--sshhiibb[9] hhttttppss::////wwwwww..ddrruuppaall..oorrgg//pprroojjeecctt//sshhiibb__aauutthh[10] hhttttppss::////ggiitthhuubb..ccoomm//bbuurrggoosszz//ppyyddiioo--sshhiibbbboolleetthh[11] hhttttpp::////ppeerruunn..cceessnneett..cczz//[12] hhttttppss::////ggiitthhuubb..ccoomm//hheexxaaaapprroojjeecctt[13] hhttttpp::////wwwwww..uunniittyy--iiddmm..eeuu//[14] hhttttppss::////wwwwww..ooppeennccoonneexxtt..oorrgg//[15] hhttttppss::////wwiikkii..rreeffeeddss..oorrgg//ddiissppllaayy//CCOODDEE//DDaattaa++PPrrootteeccttiioonn++

CCooddee++ooff++CCoonndduucctt++HHoommee##DDaattaaPPrrootteeccttiioonnCCooddeeooffCCoonndduuccttHHoommee--NNoorrmmaattiivveeDDooccuummeennttss


https://wiki.refeds.org/display/CODE/Data+Protection+Code+of+Conduct+Home#DataProtectionCodeofConductHome-NormativeDocuments



https://www.openconext.org/

http://www.unity-idm.eu/

https://github.com/hexaaproject

http://perun.cesnet.cz/

https://github.com/burgosz/pydio-shibboleth

https://www.drupal.org/project/shib_auth

https://github.com/burgosz/opennebula-sunstone-shib

http://guse.hu/about/architecture/ws-pgrade

https://github.com/mheder/liferay-shibboleth-plugin

https://angularjs.org/

http://symfony.com/

http://en.wikipedia.org/wiki/SAML_2.0#SAML_Attribute_Query

https://simplesamlphp.org/

MMEEAALL:: MMUULLTTIIDDOOMMAAIINNEEDDUURROOAAMM AACCRROOSSSS LLTTEESSAATTIISSFFYYIINNGG TTHHEE AAPPPPEETTIITTEE FFOORR MMOOBBIILLEE CCOONNNNEECCTTIIVVIITTYY

The continuous evolution of mobile access technologies isradically transforming the world around us, making ‘alwayson’ connectivity an indispensable part of our daily life. Thisimpact is particularly apparent in the education sphere. Thanksto a proliferation of choice of mobile devices, nowadays moreand more staff and students bring their own devices ontocampus, and demand pervasive network access. eduroam meetsthis need for high speed Internet connectivity through amanageable service in participating institutions by using afederated authentication approach. However, students’ appetitefor connectivity goes beyond the campus premises, demandingseamless connectivity and access to learning resourcesanywhere, anytime, across any device. 3G connectivity hasbeen used by mobile users in the absence of any wired or Wi-Fi connectivity. However, its speed was not sufficient todeliver a truly compelling education experience fromapplications. In contrast, 4G technologies with its simplifiedpacket architecture can complement Wi-Fi, leveraging thewider coverage of the mobile networks. Furthermore, the

features provided by LTE open up the opportunity to integratemobile operators’ infrastructure with that of an NREN to offera better user experience.

Multidomain eduroam Across LTE (MEAL), a joint projectbetween Janet and Surfnet, is exploring the possibility of usingeduroam-like authorisation mechanisms to grant access to anLTE-based radio network, to bring the ease of using eduroamfor mobile connectivity to locations off-campus where onlycellular data provision is available. The work, funded byGEANT as part of the GN3plus project Open Call, is a proof ofconcept for an international deployment of this idea. Theprimary phase of the project, the national deployments of aneduroam-enabled LTE network in the UK and Netherlandshave been completed [1, 2]. Both scenarios use the NRENinfrastructure to route the users’ traffic, received via an LTEaccess network, to the Internet or the local institution networkas required. The final stage of the project deals with thechallenges of international roaming between these twocountries. As a prerequisite for realising this objective therequired international roaming agreements have been put inplace between the selected mobile operators, allowing usersfrom each operator to access to a mobile data network of thevisited operator. Regarding traffic routing, the use of a localbreak-out mode has been agreed between both operators. Whenthis mode is enabled by the home operator by making thenecessary changes in the user’s profile stored in the HomeSubscriber Server (HSS), the visited operator can provide userswith direct access to the service, routing traffic through its ownPacket Gateway (P-GW) on to the visited NREN’s networkinfrastructure. According to this scenario, traffic from aSURFnet user with the chosen mobile operator SIM whilstroaming in UK on the UK mobile operator network, will havelocal breakout on its network to Janet (see the figure below).Similarly, the same mechanism would apply for Janet usersroaming in the Netherlands. Although this is in contrast withthe default Home Routing mode wherein the user’s access to


Esmat Mirzamany, Mark O’LearyJISC Collection and Janet Limited, UK{Esmat.Mirzamany;Mark.O`Leary}@jisc.ac.uk

Frans [email protected]


service is provided by the home operator and home NREN, theroaming policy chosen for MEAL is in line with the EC currentprinciple for roaming unbundling for Internet access.

NRENs offer a competent and reliable fixed infrastructure,and this has been sufficient to serve the community needs wellfor several years. However, the evolution of both wirelesstechnologies and education practise both leading to a moveaway from the classroom and other fixed locations for teaching andlearning delivery, mean that this is no longer enough. Ifintegration with truly mobile technologies is not addressed,NRENs will lose great opportunities to other competitors,including the mobile/fixed network operators, in providingmobility-based services that meet our community’s needs. Thedeliverables from the MEAL proof of concept can be used tofacilitate this integration. Having proved the technological


feasibility of the solution, the opportunity exists to redeploy thedesign used, the processes run and the lessons learnt amongother NRENs ultimately to create a truly pan-European 4Groaming solution for education.

RREEFFEERREENNCCEESS[1] E. Mirzamany and M.O`Leary, “Deliverable <4.1/MEAL>:

Milestone 4.1 Janet National deployment”, GN3plus MEAL14-WP4, 2014

[2] F.Panken, E.Mirzamany “Deliverable <2.1/MEAL>: Milestone2.1 Consolidated Deployment Plan”, GN3plus MEAL14-WP2,2014

Figure 1 Users roaming between countries

17


SSEENNSSEE –– SSEECCUURREE EENNTTEERRPPRRIISSEE NNEETTWWOORRKKSSSSIIMMPPLLEE AANNDD EEAASSYYRREESSUULLTTSS OOFF TTHHEE GGÉÉAANNTT OOPPEENN CCAALLLL ##1166

AAbbssttrraacctt——TThhee SSEENNSSEE OOppeenn CCaallll pprroojjeecctt wwaass ccrreeaatteedd ttooiimmpprroovvee sseeccuurriittyy,, uussaabbiilliittyy aanndd ffeeaattuurree ccoommpplleetteenneessss ooff aaccoorrnneerrssttoonnee ooff eedduurrooaamm aanndd ootthheerr EEnntteerrpprriissee--ccllaassss WWii--FFiinneettwwoorrkkss:: IIEEEEEE 880022..11XX ssuupppplliiccaannttss.. TThhiiss ppaappeerr pprreesseennttss tthheeffiinnddiinnggss aanndd aaccttiioonnss ttaakkeenn bbyy tthhee pprroojjeecctt ttoo ddaattee..

IInnddeexx TTeerrmmss——eedduurrooaamm,, IIEEEEEE 880022..11XX,, EEAAPP,, ssuupppplliiccaanntt,,nneettwwoorrkk,, sseeccuurriittyy,, aauutthheennttiiccaattiioonn,, aauutthhoorriissaattiioonn

II.. IINNTTRROODDUUCCTTIIOONNThe IEEE standards IEEE 802.11 [1] and IEEE 802.1X [2] („Enterprise Wi-Fi“) are in wide use to secure Wi-Fi networks that require maximumsecurity.

The advantages of Enterprise Wi-Fi are manifold, most strikinglymutual authentication (users can verify that they are connecting to thegenuine network before transmitting their credentials to that network),individual encryption keys per user for increased privacy and security onthe wireless medium, and the ability to use credentials on more than onenetwork (roaming).

The benefits of Enterprise Wi-Fi deployments depend greatly onsoftware on the end-user device, the so-called „supplicant“.Implementations need to offer all security relevant settings, ideally in aneasily understandable and mostly automated way, and users need tocomprehend and configure these settings to match the deployment’ssecurity parameters.

There are a wide variety of supplicants, and their capabilities anduser-friendliness vary greatly. The SENSE project improves security andusability of supplicants, tackling the problem space from numerousangles.

IIII.. SSEENNSSEE WWOORRKK AARREEAASSSENSE approaches the problem space from four distinct angles. The four work areas are:

• Creation of a test and verification laboratory for EAP supplicants: EAPLab (1)

• Definition of quality criteria and subsequent assessment of EAP supplicants using EAPLab (2)

• Improvement of existing EAP supplicants regarding the defined quality criteria (3)

• Definition of a standardised EAP configuration file format for industry-wide use (4)


Stefan WinterRESTENA FoundationLuxembourg, [email protected]

The work area descriptions and links to the results as discussed belowcan be found on the SENSE homepage at [3].


IIIIII.. DDEESSCCRRIIPPTTIIOONN AANNDD RREESSUULLTTSS IINNTTHHEE WWOORRKK AARREEAASS(1) The test lab „EAPLab“ is complete. It is accessible and usable withoutany authentication for any interested party (in particular EAP supplicantcode authors) to verify proper operation of their supplicant against a„default“ scenario (well-configured, genuine server). After an optionalauthentication, users can configure EAPLab to produce many non-default situations such as simulating a rogue network attacker,unresponsive or badly responding authentication server, etc. With thisextended testing capability, the reaction of a supplicant to manysituations can be tested with minimal effort (switching between scenariosis done with one click and with sub-second reconfiguration delay).Access to EAPLab is at [4].

EAPLab has already proven to be a valuable platform where networkadministrators tested client devices, and developers tested manyaspects of their code. As an example, the Slovenian EAP supplicantArnesLink was developed against the EAPLab test cases, the popularwpa_supplicant uses EAPLab as part of its conformance testing, andEAPLab users were able to file easily reproducible bug reports oncommercial supplicants with EAPLab, with the result of those bugs being fixed (Apple iOS and Mac OS).

(2) SENSE has defined 29 criteria for supplicants in its metric: security (9 criteria), user-friendliness (14 criteria) and implementation feature-completeness (6 criteria). The evaluation of supplicants against thesecriteria is underway.

Target platforms to be tested include:

• PrivatOS 1.0 (done, tested on a Blackphone)• Android 5.0 (tested on a Google Nexus device)• iOS 8.x (tested on an iPad Air)• BlackBerry OS 10 (tested on a Blackberry Z30)• MacOS X 10.10 (tested on a MacBook Air)• Several Windows versions (details TBD)• Detailed results of the device evaluations will be available by the

end of the SENSE project (03/2015).

(3) The work on supplicant improvements is currently ongoing. There arethree target platforms for the improvements:

• Android 4.3+: expose all security parameters which the API provides to the user; enable Android to consume EAP configuration files whichallow semi-automatic configuration of all necessary parameters without user interaction (using the configuration file format from (4) below). This is realised by writing a specialised „eduroam CAT“ app.

• Plasma NM (KDE): improve user-friendliness of the interactive configuration in the supplicant by delivering a more consistent user interface

• Linux: write a wrapper for consumption of EAP configuration files and subsequent semi-automatic installation for various back ends (e.g. NetworkManager, raw wpa_supplicant), using the configuration file format from work item (4) below.


(4) SENSE has created a file format with all relevant configuration detailsthat are needed for a secure deployment of EAP on end-user devices.The file format has been submitted to the Internet Engineering Task Force(IETF) for consideration as a Proposed Standard. The topic has beendiscussed in the Operations & Management Area (OPS) and has beenrefined to use the IETF’s new network configuration language „YANG“(which automatically yields representations in the popular formats XMLand JSON) in the draft’s newest revision. It is available at [5].

IIVV.. SSUUMMMMAARRYYThe SENSE project provides a significant benefit for developers andadministrators in the network access niche of the IT industry by havingcreated tools to verify operations and performance of EAP supplicants,by providing metrics to assess security and usability, and by providingguidance and standardisation for the industry regarding networkauthentication configuration metadata. Many of its ideas and results aregenuinely new and push the envelope in this area of the IT industry.

VV.. CCOOPPYYRRIIGGHHTTCopyright GÉANT Ltd. on behalf of the GN3+ consortium. Thisdocument has been produced with the financial assistance of theEuropean Union. The contents of this document are the soleresponsibility of RESTENA Foundation and can under no circumstancesbe regarded as reflecting the position of the European Union.

AACCKKNNOOWWLLEEDDGGMMEENNTTThe author thanks all the participants of the SENSE project for theiroutstanding work in their parts of the project: G. Ayres, M. Gasewicz, J.Jajor, T. Krakowski, Z. Ołtuszyk, L. Vieira Souza, S. Winter, T. Wolniewicz,M. Górecka-Wolniewicz, Ł. Zygmański.

RREEFFEERREENNCCEESS[1] IEEE 802.11-2012, IEEE Standard for Information Technology -

Telecommunications and Information Exchange between Systems -� Local And Metropolitan Area Networks - Specific Requirements Part 11: Wireless Medium Access Control (MAC) and Physical Layer (PHY) Specifications, 2012

[2] IEEE 802.1X-2010, IEEE Standards for Local and Metropolitan Area Networks: Port based Network Access Control, IEEE Std 802.1X-2010, 2010.

[3] S. Winter, T. Wolniewicz, M. Wolniewicz, et. al. Secure Enterprise Networks Simple and Easy (SENSE). hhttttppss::////wwwwww..ssuupppplliiccaannttss..nneett . 2014.

[4] S. Winter, T. Wolniewicz, M. Wolniewicz, et. al. Secure Enterprise Networks Simple and Easy (SENSE) – EAPLab. hhttttppss::////eeaappllaabb..ssuupppplliiccaannttss..nneett . 2014.

[5] S. Winter. „Internet Engineering Task Force - A Configuration File Format for Extensible Authentication Protocol (EAP)“. hhttttppss::////ttoooollss..iieettff..oorrgg//hhttmmll//ddrraafftt--wwiinntteerr--ooppssaawwgg--eeaapp--mmeettaaddaattaa--0011 . Work in Progress. October 2014.

19


https://tools.ietf.org/html/draft-winter-opsawg-eap-metadata-01

https://eaplab.supplicants.net

https://www.supplicants.net

GGÉÉAANNTT--TTRRUUSSTTBBRROOKKEERR::DDYYNNAAMMIICC VVIIRRTTUUAALL FFEEDDEERRAATTIIOONNSSCCLLOOSSIINNGG TTHHEE GGAAPP BBEETTWWEEEENN NNRREENN FFEEDDEERRAATTIIOONNSS AANNDD EEDDUUGGAAIINN

AAbbssttrraacctt——GGÉÉAANNTT--TTrruussttBBrrookkeerr ppuuttss uusseerrss iinn ccoonnttrrooll ooffaacccceessssiinngg rreemmoottee sseerrvviicceess wwiitthh tthheeiirr hhoommee oorrggaanniizzaattiioonn''ssccrreeddeennttiiaallss aaccrroossss NNRREENN ffeeddeerraattiioonnss'' bboorrddeerrss.. IItt aalllloowwssiinntteerrnnaattiioonnaall rreesseeaarrcchh pprroojjeeccttss ttoo eeaassiillyy sseett uupp vviirrttuuaallffeeddeerraattiioonnss aanndd pprreeppaarreess tthhee iinnvvoollvveedd oorrggaanniizzaattiioonnss ttoo jjooiinneedduuGGAAIINN..

IInnddeexx TTeerrmmss——FFeeddeerraattiioonn,, IIddeennttiittyy MMaannaaggeemmeenntt,, IInntteerr--FFeeddeerraattiioonn,, SSAAMMLL,, MMeettaaddaattaa..

II.. IINNTTRROODDUUCCTTIIOONNFederated Access Management (FAM) is an elegant solution when usersfrom several organizations, referred to as identity providers (IDPs), needaccess to common IT services, which are operated by a so-called serviceproviders (SPs). SPs can delegate user authentication and authorizationto the IDPs; this means that SPs do not need to manage their own userdatabase and users can access services with their IDP credentials in asingle sign-on fashion. This saves costs and increases usability at thesame time.

Technically, FAM requires that IDPs and SPs know details about howto communicate with each other, typically based on the Organization forthe Advancement of Structured Information Standards (OASIS) SecurityAssertion Markup Language (SAML) standard. European NationalResearch and Education Networks (NRENs) have successfullyestablished national federations in the past decade to facilitate theexchange of this so-called SAML metadata and to foster the trust-building process between IDPs and SPs. Unfortunately, national

federation borders hamper collaboration, e.g., in international researchprojects, which has motivated the eduGAIN inter-federation approach,which is one of GÉANT´s flagship services.

Although eduGAIN is remarkably successful, it comes with a fewchallenges that cannot easily and quickly be solved in practice: JoiningeduGAIN must be triggered by each SP or IDP as a whole, comes withcertain contractual and organizational overhead, and exchanging userinformation across federation boundaries is often limited to what could becalled the greatest common denominator of all national federation userdata schemas. Smaller international research projects, however, oftenwant to get up and running with minimum organizational overhead andexchange user information whose data format has not yet beenstandardized internationally.

IIII.. GGÉÉAANNTT--TTRRUUSSTTBBRROOKKEERRÉANT-TrustBroker (GNTB) [1] therefore complements eduGAIN byproviding a new technical service that allows users, not only IDP or SPoperators, to connect SPs to their IDPs in what is called a dynamic virtualfederation. GNTB triggers the required SAML metadata exchangebetween the relevant IDPs and SPs. It also provides a mechanism foruser attribute conversion in case that a pair of IDP and SP does not usethe same data format. GNTB therefore automates the required technicalsteps for setting up the successful communication between IDPs andSPs, which is a tedious task that had to be done manually previously.However, it covers the technical aspects only. Depending on the users'and organizations' requirements for contractual agreements, using GNTBis only intended as a quick first win on the longer road to join eduGAIN.

The GNTB protocol [2] is an extension to SAML, which has beensubmitted to the Internet Engineering Task Force (IETF) forstandardization in June, 2014. In a GN3plus Open Call project, the newGNTB service along with its functionalities for exchanging SAMLmetadata and converting user attributes is specified in detail and a proof-of-concept based on the open source Shibboleth software isimplemented. GNTB-supporting versions of the Shibboleth IDP and SPsoftware will be made available and serve as the basis for preparingGNTB for production use in the upcoming GN4 project.


Wolfgang Hommel, Stefan Metzger, Daniela PöhnLeibniz Supercomputing CentreGarching n. Munich, Germany{hommel,metzger,poehn}@lrz.de


Figure 1 gives an overview of the so-called GNTB core workflow [3]. The user experience when using GNTB is almost identical to using thewell-known discovery services (a.k.a. Where Are You From?) of NRENfederations and eduGAIN. IDPs and SPs need to indicate theirpreparedness for using GNTB by performing a one-time registration onthe GNTB website. Any further actions, such as updating an IDP´s orSP´s SAML metadata, can be fully automated by using a small set ofsimple command-line tools that are also developed as part of theprototype. User attribute conversion rules created by other IDPs can bere-used, so manual intervention is only necessary when a new userattribute is required to use a SP but the IDP can neither provide it out-of-the-box nor use any of the already existing conversion rules.

IIIIII.. CCOONNCCLLUUSSIIOONN AANNDD OOUUTTLLOOOOKKThe GÉANT-TrustBroker project has published several papers for bothscientific audience and practitioners; they are linked on the GN3plusOpen Calls website. Together with the Open Calls partner projectsWoT4LoA and HEXAA, common scenarios and business cases are being worked out and will be presented in 2015.


AACCKKNNOOWWLLEEDDGGMMEENNTTThe research leading to these results has received funding from theEuropean Community’s Seventh Framework Programme under grantagreement nº 605243 (GN3plus).

RREEFFEERREENNCCEESS[1] GÉANT-TrustBroker website:

hhttttpp::////wwwwww..ggeeaanntt..nneett//ooppeennccaallll//AAuutthheennttiiccaattiioonn//PPaaggeess//TTrruussttBBrrookkeerr..aassppxx/ [retrieved December 9th, 2014]

[2] Daniela Pöhn, Stefan Metzger, Wolfgang Hommel: Integration of Dynamic Automated Metadata Exchange into the SAML 2.0 Web Browser SSO Profile - draft-poehn-dame-02. I-D (Work in progress): hhttttppss::////ddaattaattrraacckkeerr..iieettff..oorrgg//ddoocc//ddrraafftt--ppooeehhnn--ddaammee/, 2014

[3] Daniela Pöhn, Stefan Metzger, Wolfgang Hommel: GÉANT-TrustBroker – dynamic identity management across federation borders. Networking with the World, in: The 30th Trans European Research and Education Networking Conference, Selected Papers, Dublin, Ireland, 2014

Figure 1: GÉANT-TrustBroker core workflow

21


https://datatracker.ietf.org/doc/draft-poehn-dame

http://www.geant.net/opencall/Authentication/Pages/TrustBroker.aspx

http://www.geant.net/opencall/Authentication/Pages/TrustBroker.aspx

CCOOFFFFEEEE –– CCOOHHEERREENNTT OOPPTTIICCAALL SSYYSSTTEEMM FFIIEELLDD--TTRRIIAALL FFOORR SSPPEECCTTRRAALL EEFFFFIICCIIEENNCCYY EENNHHAANNCCEEMMEENNTT

AAbbssttrraacctt——TThhee ssccooppee,, aaiimmss,, aanndd ccoonnttrriibbuuttiioonnss ooff tthhee CCOOFFFFEEEEpprroojjeecctt ffoorr ssppeeccttrraall eeffffiicciieennccyy eennhhaanncceemmeenntt aanndd mmaarrkkeetteexxppoossuurree aarree pprreesseenntteedd..

IInnddeexx TTeerrmmss——TTiimmee FFrreeqquueennccyy PPaacckkiinngg,, NNoonnlliinneeaarriittyymmiittiiggaattiioonn,, mmuullttii--uusseerr rreecceeiivveerr..

II.. PPRREESSEENNTTIINNGG CCOOFFFFEEEEEvery telecom bandwidth provider would like to maximize its investmentin already installed optical fibre links before replacing them with new typesof fibres or overlaying another link. Spectral efficiency (b/s/Hz)characterizes the optimum utilization of spectral resources and definesoverall transmission capacity of a link. The COFFEE project aims atdemonstrating, through field trial experiments, the coherent optical datatransmission of a single superchannel at the high capacity of 1Tbps usinga reduced bandwidth (<200 GHz) over long-haul testbed routes. In orderto fulfil such requirements, innovative techniques, already developed inlaboratory, is being introduced in a field trial environment. Time-Frequency Packing (TFP) is used to increase the spectral efficiency [1].With respect to other commonly used techniques like orthogonalfrequency division multiplexing (OFDM) and M-ary quadrature amplitudemodulation format (M-QAM), TFP can guarantee for lower transceivercomplexity and bandwidth requirements, higher tolerance with respect tofibre propagation nonlinearities, reduced power consumption, and largerflexibility. Channel shortening (CS) [2], enhanced split step Fourier Method(ESSFM) [3], and multi-user processing are key enabling techniques [4]for these features. The implementation of such advanced techniquesrepresents a strong innovation in the area of telecommunications, and the

use of GÉANT infrastructures also pushes the relevance of the COFFEEobjectives toward market visibility. GÉANT installed link between Milanand Finkenstein shown in Fig. 1 is being used to evaluate the 1Tbpstransceiver prototypes in a real network infrastructure.

IIII.. UUNNDDEERRSSTTAANNDDIINNGG SSPPEECCTTRRAALLEEFFFFIICCIIEENNCCYY AANNDD IINNFFOORRMMAATTIIOONNCCAAPPAACCIITTYYMost of currently installed transmission links in core networks carry10Gbps OOK channels on the ITU-T fixed grid occupying 50GHz or100GHz of spectrum. In the past few years 40Gbps and 100Gbpschannels have also been installed to increase the overall link capacity. Toensure the optimum utilization of spectrum the ITU-T G.694.1 flex-gridstandard [5] has been defined allowing 12.5GHz spectral slices. Figure 2shows different data rate channels along with their spectral occupancies.Table I shows how optimized use of spectral resources increases theoverall link capacity for different channels.

OPEN CALL – NETWORK ARCHITECTURE AND OPTICAL PROJECTS

M. Imran , F. Fresi, S. Rommel, A. Mastropaolo High Capacity Optical Communications GroupSSSUP/CNITPisa, Italy [email protected]

Gianluca Meloni, Luca Poti High Capacity Optical Communications GroupCNITPisa, Italy [email protected]

Figure 1: Milan-Finkenstein 675Km link for Tbps field trial

Figure 2: Different data rate channels and spectral occupancy.Each column represents a 12.5GHz flex-grid slice.


IIIIII.. LLIINNKK DDEESSCCRRIIPPTTIIOONNThe fibre optic link chosen for the field trial connects Milan, Italy andFinkenstein, Austria over a length of 675km. The link consists of tenspans of ITU-T G.655 fibre with lengths between 45 and 80km, withamplification provided by Erbuim Doped Fibre amplifiers (EDFAs) asshown in Fig 1. The installed fibre is Corning LEAF on all spans, with ashort length of 13km of G.652 Corning fibre. Alcatel 1626LM DWDMequipment is installed in all the nodes.

IIVV.. NNEETTWWOORRKK EEMMUULLAATTIIOONN IINN LLAABBThree nodes of Alcatel LM1626 equipment were installed and re-commissioned in the CNIT lab to characterize each component of a nodeand to emulate the network conditions before making the actual field trial.The network emulation helped to understand the compatibility issueswith 1Tbps transceiver and node component parameters such as thegain of amplifiers were optimized. Moreover, the amplifier loop backconfiguration at Finkenstein was also ascertained after evaluating different possible configurations.

VV.. EENNHHAANNCCIINNGG TTHHEE SSPPEECCTTRRAALLEEFFFFIICCIIEENNCCYY-- KKEEYY CCOOFFFFEEEECCOONNTTRRIIBBUUTTIIOONNSSThe overall transmission capacity of a link can be increased bytransmitting more bits per second per Hz of spectrum. But as we placechannels closer to each other we increase the inter-channel interference(ICI) degrading transmission performance. TFP employs severalinnovative techniques to mitigate ICI and other linear and non-linearimpairments and thus allows reduction of the spacing between differentchannels. Figure 3 shows three 160Gbps PM-QPSK channels packedtogether in 63GHz bandwidth using TFP. Table II shows achievedtransmission distance for different spectral bandwidths of a 1Tbpssuperchannel consisting of 8 sub-channels.


In the COFFEE project, a discrete time model of the transmission channelhas been derived to evaluate propagation over the link throughsimulations using a numerical tool built in CNIT. Both linear and nonlinearchannel models have been implemented. The key techniquesincorporated in TFP in the scope of the COFFEE project include:

• Channel Shortening [2].• Nonlinear Impairment Mitigation [3].• Multiuser processing at the receiver [4].

The system performance both in a single user and multi-user scenariohas been tested and optimised by emulating the Milan–Finkenstein fibreoptic link with a re-circulating loop in the lab. Use of multi-userprocessing will reduce the penalty due to ICI, and thus will enable a moretight binding of optical sub-channels.

VVII.. FFUUTTUURREE PPLLAANNSSBased on system optimizations achieved in the lab, a field trial is nowunder way. As a fundamental outcome within the GN3plus communitythe COFFEE project allows to build expertise in innovative transmissiontechniques for next generation optical networks.

AACCKKNNOOWWLLEEDDGGMMEENNTTThis work has been carried out within the scope of the GN3plus projectCOFFEE as part of the GÉANT Open Call Programme.

RREEFFEERREENNCCEESS[1] G. Colavolpe et al., J. Lightwave Tech., vol. 27, n. 13, pp. 2357-

2369, July 2009.[2] D. D. Falconer et al., Bell System Tech. J., vol. 52, pp. 1541–1562,

Nov. 1973.[3 Secondini, Marco; Marsella, Domenico; Forestieri, Enrico,

"Enhanced split-step Fourier method for digital back propagation," Optical Communication (ECOC), 2014 European Conference on , vol., no., pp.1,3, 21-25 Sept. 2014.

[4] Colavolpe, G.; Fertonani, D.; Piemontese, A., "SISO Detection Over Linear Channels With Linear Complexity in the Number of Interferers," Selected Topics in Signal Processing, IEEE Journal of , vol.5, no.8, pp.1475,1485, Dec. 2011.

[5] hhttttpp::////wwwwww..iittuu..iinntt//rreecc//TT--RREECC--GG..669944..11//eenn.

Figure 3: Three adjacent PM-QPSK channels in 63GHz using TFP

TABLE I. Different data rates and total C-band capacity

TABLE II. Achieved Transmission distances for different spectralbandwidths for 1Tbps PM-QPSK superchannel

23


http://www.itu.int/rec/T-REC-G.694.1/en

IIRRIINNAA:: IINNVVEESSTTIIGGAATTIINNGG RRIINNAAAASS TTHHEE NNEEXXTT GGEENNEERRAATTIIOONN GGÉÉAANNTT AANNDD NNRREENN NNEETTWWOORRKK AARRCCHHIITTEECCTTUURREEAADDVVEENNTTUURREESS OOUUTTSSIIDDEE OOFF TTHHEE TTCCPP//IIPP CCOOMMFFOORRTT ZZOONNEE

AAbbssttrraacctt——IIRRIINNAA iiss aa pprroojjeecctt iinn tthhee GGÉÉAANNTT OOppeenn CCaallll tthhaatt sseettss oouutt ttoo ssttuuddyy tthhee uussee ooff tthhee RReeccuurrssiivvee IInntteerrNNeettwwoorrkkAArrcchhiitteeccttuurree ((RRIINNAA)) aass tthhee ffoouunnddaattiioonn ooff nneexxtt ggeenneerraattiioonnNNRREENN aanndd GGÉÉAANNTT nneettwwoorrkk aarrcchhiitteeccttuurreess,, bbuuiillddiinngg oonn aann ooppeennssoouurrccee RRIINNAA pprroottoottyyppee.. TThhee ssuucccceessss ooff IIRRIINNAA ccoouulldd lleeaadd ttooffiieelldd ttrriiaallss ooff tthhee RReeccuurrssiivvee IInntteerrNNeett AArrcchhiitteeccttuurree,, ppaavvee tthhee wwaayyffoorr iinnccrreeaasseedd sseeccuurriittyy,, rreelliiaabbiilliittyy aanndd ssccaallaabbiilliittyy ooff rreesseeaarrcchhnneettwwoorrkkss aanndd,, uullttiimmaatteellyy,, pprroovviiddee aa ssaaffeerr aanndd iimmpprroovveeddnneettwwoorrkkiinngg eexxppeerriieennccee..

IInnddeexx TTeerrmmss——FFuuttuurree NNeettwwoorrkk AArrcchhiitteeccttuurreess,, GGÉÉAANNTT OOppeennCCaallllss,, RRIINNAA..

II.. IINNTTRROODDUUCCTTIIOONNA lot has been written about the “ossification” of the Internet: the coretechnologies residing in the “narrow waist” are so ubiquitously deployedthat they are almost impossible to change. Therefore, most researchprogress is being made where it can be easily deployed: below L3, e.g.by improving bandwidth efficiency through optimized modulation formatsand advanced medium access control (MAC) protocols and above L3,adding custom protocols are on top of the Internet.

The two dominant “Future Internet” technologies - i.e. SDN and NFV- are oriented towards managing (the cost of) complexity in the currentnetwork. On the one hand, SDN is (logically) centralizing the networkstate and control functionalities; on the other hand NFV aims at shiftingnetwork functions from expensive dedicated hardware to virtualizedenvironments running on commodity servers. However, in order to scalethe Internet to the hundreds of billions of devices, as predicted toconnect to it by 2050, research on fundamental aspects of networkingmay be needed.


Dimitri Staessens, Didier ColleGhent University-iMindsG. Crommenlaan 8 bus 2019050 Ghent, Belgium

Francesco SalvestriniNextworks, s.r.lVia Livornese 1207 56122 San Piero a Grado, Pisa, Italy

Leonardo BergesioFundació i2CATCarrer del Gran Capità, 208034 Barcelona, Spain

Jason BarronWIT-TSSGWIT, West Campus,Waterford, Ireland


Recently, a potential candidate for an Internet architecture hasemerged in the form of the Recursive InterNetwork Architecture (RINA),championed by John Day [1]. Its core principle is that the endpoints ofany communication are processes, and by applying a complete namingand addressing scheme as advocated by Saltzer [2], challenges such asend-user mobility and multi-homing can be more readily addressed.

Currently, the EC is funding a number of innovative projects focusingon RINA. The FP7 IRATI project [3] is developing a first prototype [4]implementing the core functions of the RINA architecture and providing aframework that allows developers to directly bind their applications toRINA [5]. FP7 PRISTINE [6] is tackling important issues such as securityand QoS. The GN3+ Open Call project IRINA [7] is investigating thebenefits of RINA to NRENs by developing a traffic generator over theIRATI prototype, in order to evaluate an NREN use case.

IIII.. IIRRIINNAA:: DDEESSIIGGNNIINNGG NNRREENNNNEETTWWOORRKKSS IINN TTHHEE RRIINNAAFFRRAAMMEEWWOORRKK IRINA performed an analysis using SWOT and PEST techniques toassess and evaluate the impact of deploying RINA within the NRENs andGEANT context. Identified opportunities in deploying RINA are: speedingup service development and provisioning, thereby lowering both CAPEXand OPEX. The main threats are that it may face resistance fromincumbent technologies with inherent deployment risks The analysishighlighted a common weakness between current approaches in thatthey primarily focus on fixing specific networking issues rather thanproviding an all-encompassing solution, which is the strength of a aclean-slate approach such as RINA.

The results of a survey among NRENs, to which 24 have responded,were used to shape the project’s use case focusing on three aspects: thenetwork topology comprising of the NREN networks interconnected viathe GEANT backbone, the services currently deployed on thesenetworks and the impact of future requirements over the selectedservices. The topology is abstracted into three different NREN types - aLarge NREN (based on RENATER), a medium NREN (based onRoEduNet2 and SURFnet), and a small NREN (based on AMRES). Thesurvey identified the most important technical challenges for NREN IPnetworks: maximizing throughput, reducing latency, decreasingprovisioning times, improving mobility and improving energy efficiency.Currently NRENs provide mobility via Wi-Fi (e.g Eduroam) but there isgrowing demand for 3G and 4G services. In terms of bandwidth, severalNREN customers have higher and higher bandwidth demands (forspecific services). In terms of security, DDoS attacks are frequentlyencountered and mitigated by specific countermeasures.


The IRINA use case encompasses three different services - HD Videoconferencing (based on RENATER SeeVogh/RMS), p2p VPN servicesand Cloud storage (based on SURFDrive+[8]).

IRINA is developing an appropriate schema for this use case,providing the services above in a secure manner. This schema focuseson specific areas, representing common configurations used in the NRENarchitecture:

• Internal NREN design• Peering with other NRENs (via GEANT or directly via CBF)

and commercial ISPs• Interconnecting customers and internal datacenters

A lab trial using the IRATI prototype and the experimental facilitiescontributed by the project partners will provide a proof-of-conceptdemonstration.

AACCKKNNOOWWLLEEDDGGMMEENNTTThis work is partially supported by the European Commission’s Seventh Framework Programme (FP7/2007-2013) project GN3plus Open Call “IRINA”.

RREEFFEERREENNCCEESS[1] Day, J., “Patterns in Network Architecture, a return to Fundamentals”,

Prentice Hall, 2008[2] Saltzer, J., On the Naming and Binding of Network Destinations,

IETF RFC1498[3] The FP7 IRATI project. Available online at hhttttpp::////iirraattii..eeuu[4] Vrijders, S.; Staessens, D.; Colle, D.; Salvestrini, F.; Grasa,

E.; Tarzan, M.; Bergesio, L., "Prototyping the recursive internet architecture: the IRATI project approach," Network, IEEE , vol.28, no.2, pp.20,25, March-April 2014

[5] The IRATI stack. Available online at hhttttpp::////iirraattii..ggiitthhuubb..iioo//ssttaacckk[6] The FP7 PRISTINE project. Available online at hhttttpp::////iicctt--pprriissttiinnee..eeuu[7] GN3+ Open Call project IRINA. hhttttpp::////wwwwww..ggeeaanntt..nneett//ooppeennccaallll[8] SURFdrive, hhttttppss::////wwwwww..ssuurrff..nnll//eenn//sseerrvviicceess--aanndd--

pprroodduuccttss//ssuurrffddrriivvee//ssuurrffddrriivvee..hhttmmll

25


https://www.surf.nl/en/services-and-products/surfdrive/surfdrive.html

https://www.surf.nl/en/services-and-products/surfdrive/surfdrive.html

http://www.geant.net/opencall

http://ict-pristine.eu

http://irati.github.io/stack

MMOOMMOOTT:: DDEESSIIGGNNIINNGG AANN AALLIIEENN WWAAVVEEMMOODDEELLLLIINNGGTTOOOOLL

AAbbssttrraacctt——TThhiiss aarrttiiccllee ddeessccrriibbeess tthhee ccoonncceepptt ooff uussiinngg aalliieennwwaavveess,, aallssoo ccaalllleedd ssppeeccttrraall sshhaarriinngg,, iinn tthhee GGEEAANNTT ccoommmmuunniittyy..TThhee ooppeenn--ccaallll pprroojjeecctt MMOOMMooTT hhaass tthhrroouugghh aa ccoommpprreehheennssiivveessuurrvveeyy iinnvveessttiiggaatteedd tthhee nneeeedd aanndd iinntteerreesstt ooff uussiinngg aalliieennwwaavveelleennggtthhss.. FFuurrtthheerrmmoorree,, aann aalliieenn wwaavvee mmooddeelllliinngg ttooooll iissccuurrrreennttllyy bbeeiinngg ddeevveellooppeedd.. TThhee ttooooll iiss bbeeiinngg ddeessiiggnneedd ttoo aassssiissttNNRREENNss iinn ppllaannnniinngg aanndd sseettttiinngg uupp aalliieenn wwaavveess..

IInnddeexx TTeerrmmss——AAlliieenn wwaavveelleennggtthh,, mmooddeelllliinngg,, ssppeeccttrraall sshhaarriinngg..

II.. IINNTTRROODDUUCCTTIIOONNAlthough Alien Waves (i.e., wavelengths which are unknown to thenetwork domain and that share the spectrum with native wavelengths)has been discussed within the NREN community for a number of years itremained unclear what the actual interests were. Furthermore, as thesupport from vendors is typically limited, NRENs are faced with technicalchallenges in the process of planning and setting up alien waves.

The MOMoT project was created to take on both these issues. First,to investigate the need and interest for alien waves within the community,and secondly, to develop a modelling tool and user interface that willassist NRENs in planning and setting up alien waves across theirnetworks.

IIII.. TTHHEE MMOODDEELLLLIINNGG TTOOOOLLThe modelling tool is based on a series of analytical equations that willconsider effects such as optical noise and non-linearities. Coupling theseeffects with the modulation format, bit rate, transmission distance, fibertype and other factors will enable the model to predict the bit-error-rate(BER) performance of both the alien and the native waves. Moreover, it isvital to assure that the existing channels are kept undisturbed whensetting up an alien wave , for example by limiting the launch power of thealien wave.

Figure 1 illustrates how an alien wave is set up between two domainsand how the link parameters (either through the management system ormanually) are given to the modelling tool, which in turn will model andevaluate the native and alien wave transmission. Details on the BERmodel on which the modelling tool is built can be found in [1].


Martin Nordal Petersen, Anna ManolovaFagertunDTU FotonikTechnical University of Denmark, Lyngby,[email protected]; [email protected]

Nicola SamboConsorzio Nazionale Interuniversitario per leTelecomunicazioni (CNIT), Pisa, [email protected]


IIIIII.. SSUURRVVEEYYAs a first step in MOMOT, a survey with 11 questions was distributed toNRENs collecting their knowledge, interest and customer demandrelated to alien wavelength services. The answers, coming from 47NREN members at CTO level, revealed that there indeed is an interest inalien waves within the community.

Of the NRENs that answered the survey, 60% are involved in alienwaves activities, either in the planning, trial or production phase. 50%were interested in alien waves for reasons of saving money on newequipment, 43% were interested as they believed it could possibly bringin a new set of client services and 33% had concrete plans ofinterconnecting with neighbors using alien waves on cross-border fibers.Finally, 30% had received customer requests for services requiring alienwaves. The full report on the survey can be found in [2].

IIVV.. FFIIEELLDD TTRRIIAALL MMOODDEELLLLIINNGGDante and Surfnet are currently planning an alien wave setup where twoInfinera channels from the GEANT node in Hamburg will be transmittedthrough Surfnet’s network to Amsterdam. Surfnet is using Ciena 6500 sothe two 50Gb/s PM-QPSK waves will be alien in the Surfnet network.

The MOMoT modelling tool has been used in this trial to characterizethe communication link. The 626-km link between Hamburg andAmsterdam is amplified with 10 optical amplifiers. Figure 2 shows theinput power analysis that was made using the modelling tool. It showshow the signal quality, the pre-FEC BER (pre-Forward-Error-CorrectionBit-Error-Rate) changes with the launch power of the alien wave. If thepower is low, the bit errors will increase due to low signal-to-noise (SNR)ratio and if the power is too high, the alien wave signal will suffer fromnon-linearities (red zone).


All in all, the results from the tool suggest to keep the power of the alienwave in the green zone, above -5 dBm and up to 0 dBm, in order toachieve a good signal quality. The zone between 0 dbm and 7 dBm,currently marked yellow, can be used as well if there are no nativeneighboring channels. Also, in this trial a BER down to 2x10-3 can beaccepted as Forward-Error-Correction (FEC) is used. Without FEC theminimum requirements to BER would usually be 1x10-12.

VV.. FFUUTTUURREE WWOORRKKIn the final phase of the project attention will be focused on improvingand expanding the functionality of the modelling tool, developing a userfriendly interface and finally, through collaboration with one or moreNRENs, do a field-trial evaluation of the tool. Applying the tool for anactual alien wave planning and setup case would assess the tool andallow for final touchups at the end of the project.

AACCKKNNOOWWLLEEDDGGMMEENNTTThe authors would like to acknowledge the European Commission andthe GN3+ project for funding this research.

RREEFFEERREENNCCEESS[1] N. Sambo, M. Secondini, F. Cugini, G. Bottari, P. Iovanna,

F. Cavaliere, and P. Castoldi, “Modeling and distributed provisioning in10-40-100 Gb/s multi-rate wavelength switched optical networks,” J. Lightwave Technol., vol. 29, no. 9, pp. 1248–1257, 2011.

[2] MOMoT milestone report M2.1 is available through the GEANT Intranet: hhttttppss::////iinnttrraanneett..ggeeaanntt..nneett//JJRRAA00//MMOOMMooTT

1. Illustration of an alien wave setup between two domains runningdifferent equipment. The alien wave is a native wave in one domainbut alien in the other. The MOMoT tool can assist in evaluating if thealien wave can be successfully set up.

2. Results generated from the modelling tool, showing low- andhigh input power effect on the signal quality (BER). The green areaindicates the best chosen alien wave input power range.

27


https://intranet.geant.net/JRA0/MOMoT

RREEAACCTTIIOONN::RREESSEEAARRCCHH AANNDD EEXXPPEERRIIMMEENNTTAALL AASSSSEESSSSMMEENNTT OOFF CCOONNTTRROOLL PPLLAANNEE AARRCCHHIITTEECCTTUURREESS FFOORR IINN--OOPPEERRAATTIIOONN FFLLEEXXGGRRIIDD NNEETTWWOORRKK RREE--OOPPTTIIMMIIZZAATTIIOONN

AAbbssttrraacctt——TThhee RREEAACCTTIIOONN pprroojjeecctt pprrooppoosseess,, ddeessiiggnnss,, aannddvvaalliiddaatteess fflleexxii--ggrriidd eellaassttiicc ooppttiiccaall nneettwwoorrkkss eennaabblliinngg ssooffttwwaarree--ccoonnttrroolllleedd hhiigghh--rraattee ttrraannssmmiissssiioonnss.. IInn tthhiiss ppaappeerr,, tthhee mmaaiinnpprroojjeecctt oobbjjeeccttiivveess aarree rreeppoorrtteedd,, ttooggeetthheerr wwiitthh aa bbrriieeff ssuummmmaarryyoonn ttwwoo mmaaiinn RREEAACCTTIIOONN ssttuuddiieess..

IInnddeexx TTeerrmmss——EEOONN,, FFlleexxii--ggrriidd,, PPCCEE,, AABBNNOO,, RRSSAA..

II.. IINNTTRROODDUUCCTTIIOONNThe continuous increase of users’ bandwidth requests, combined withthe need to adequately address data center connectivity requirements, is driving the evolution of ultra-high speed optical networks, enablingtransmission rates beyond 100Gb/s. These networks are expected torely on flexi-grid optical cross-connects, enabling finer granularity andflexibility in the use of the optical spectrum compared to that of the fixedgrid. Moreover, a new generation of transponders, called sliceablebandwidth-variable transponders (SBVTs), is expected to provideadvanced adaptation capabilities enabling elastic network operations(e.g., modulation format and code adaptation, network de-fragmentation, etc).

The REACTION project aims at investigating the benefits of flexi-gridoptical networks, specifically considering advanced provisioning andadaptation capabilities. The project is carried out by three partners, CNIT(Pisa, Italy), the Optical Communications Group (GCO) of the UniversitatPolitècnica de Catalunya (UPC, Barcelona, Spain) and TelefonicaInvestigation y Desarollo (TID, Madrid, Spain).

IIII.. RREEAACCTTIIOONN AACCTTIIVVIITTIIEESSThe project investigates the benefits of flexi-grid elastic optical networksby addressing three main networking aspects: enabling data planetechnologies, routing and spectrum assignment (RSA) algorithms, andcontrol plane architecture.

These three aspects are investigated through both simulative andexperimental studies. A specifically designed OPNET Modeler has beenalso implemented to reproduce a comprehensive flexi-grid control plane.Moreover, a distributed testbed has been setup to experimentally validatethe most effective REACTION solutions.


F. Cugini, M. [email protected]

L. Velasco, Ll. GifreUniversitat Politècnica de Catalunya (UPC)Barcelona, Spain.

V. López, J.P. Fernández-PalaciosTelefonica Madrid, Spain.


IIIIII.. OOUUTTCCOOMMEESSTo provide a hint of the REACTION outcomes assessing the benefits ofthe flexi-grid technologies, two specific research studies are herereported. Additional REACTION research outcomes are detailed in [1]-[7].

AA.. EExxaammppllee ooff aaddaappttaattiioonn ccaappaabbiilliittyy:: sslliicceeaabbllee ffuunnccttiioonnaalliittyy

1 shows a network scenario applying the sliceable functionality. A400Gb/s super-channel composed of four contiguous 100Gb/s sub-carriers is considered. The sub-carriers can be configured either to beco-routed along the same path (1b/c) or, when the sliceable functionalityis applied, independently routed along multiple paths (1d). In the lattercase, more spectrum resources are required (i.e., four frequency slots of37.5Ghz rather than a single slot of 100GHz, see 1a).

To exploit the benefits of the sliceable functionality, specific routingstrategies have been proposed and evaluated through simulations,showing that provisioning blocking probability can be reduced if thesliceable functionality is properly applied, e.g. when there are no morenetwork resources to accommodate an entire super-channel. Furtherdetails and application scenarios (e.g., recovery) can be found in [2].


BB.. SSlliicceeaabbllee ffuunnccttiioonnaalliittyy iinn pprroovviissiioonniinngg aanndd rreeccoovveerryy

A use case of in-operation network planning is considered. When a linkfails, multipath restoration can be used to increase restorability of affectedconnections at the cost of worse resource utilization and spectralefficiency.

After the link is repaired, the multipath after failure repair optimization(MP-AFRO) problem can be used to aggregate multiple sub-connectionsserving a single demand using shorter routes, thus releasing spectrumresources that now can be used to convey new connection requests.

The MP-AFRO problem has been addressed within REACTION byproposing a specifically designed mathematical formulation and aheuristic algorithm, successfully providing good feasible solutions inpractical computation times.

The algorithm has been experimentally validated on a distributedtest-bed connecting premises in Telefonica, CNIT, and UPC. After a link isrepaired, network re-optimization is requested from the NetworkManagement System (NMS). The Application-Based Network Operations(ABNO) architecture controls a flexgrid-based optical network, where thePath Computation Element (PCE) architecture consists of a front-endPCE (fPCE) and a back-end PCE (bPCE). The ABNO controller is incharge of initiating the MP-AFRO workflow, requesting re-optimization tothe fPCE, which delegates complex computations to the bPCE. Therelevant PCE Protocol (PCEP) messages are reported in Fig. 2. Theresults of the path computation trigger network re-optimizationsperformed through the Generalized Multi-Protocol Label Switching(GMPLS) protocol suite, extended for flexi-grid optical networks. Thisway, MP-AFRO is successfully performed.

Further details can be found in [4].

IIVV.. CCOONNCCLLUUSSIIOONNSSThis paper briefly reported the main REACTION project objectives andactivities. Two examples of project achievements are summarized,showing the benefits of flexi-grid technologies due to the introduction ofadvanced transmission adaptation capabilities, effective RSA algorithms,and innovative control plane architectures.

RREEFFEERREENNCCEESS[5] M. Dallaglio et al, “Impact of slice-ability on dynamic restoration in

GMPLS-based Flexible Optical Networks”, OFC Conf., March 2014.[6] M. Dallaglio et al, “Provisioning and Restoration with Slice-ability in

GMPLS-based Elastic Optical Networks [Invited]”, Journal of Optical Communications and Networking (JOCN), in-press

[7] L. Velasco et al, “First experimental demonstration of ABNO-driven in-operation flexgrid network re-optimization”, OFC Conf., Post-deadline Paper, March 2014

[8] Ll. Gifre et al, “First Experimental Assessment of ABNO-driven In-Operation Flexgrid Network Re-Optimization”, Journal of Lightwave Technology (JLT), 2014.

[9] F. Paolucci et al, “Multipath restoration and bitrate squeezing in SDN-based elastic optical networks [Invited]”, Journal of Photonic Network Communications, May 2014

[10] Ll. Gifre, A. Castro, M. Ruiz, N. Navarro, L. Velasco, “An in-operationplanning tool architecture for flexgrid network re-optimization”, ICTON Conf., July 2014

[11] M. Dallaglio et al, “Impact of SBVTs based on Multi-wavelength Source During Provisioning and Restoration in Elastic Optical Networks”, ECOC Conf. Sept. 2014

Fig. 1 : Example of sliceable functionality applied to a 4 sub-carriersuper-channel in the case of failure recovery.

Fig. 2. Distributed field trial set-up and exchanged messages

29


AARREESS:: AADDVVAANNCCEEDD NNEETTWWOORRKKIINNGG FFOORR TTHHEE EEUU GGEENNOOMMIICC RREESSEEAARRCCHHGGEENNOOMMIICC AANNAALLYYSSIISS IINN GGÉÉAANNTT:: AA DDIISSTTRRIIBBUUTTEEDD CCLLOOUUDD AAPPPPRROOAACCHH

AAbbssttrraacctt——TThhiiss ppaappeerr sshhoowwss tthhee sseerrvviiccee aarrcchhiitteeccttuurreeiimmpplleemmeenntteedd iinn tthhee ffrraammeewwoorrkk ooff tthhee pprroojjeecctt AARREESS ((AAddvvaanncceeddnneettwwoorrkkiinngg ffoorr tthhee EEUU ggeennoommiicc RREESSeeaarrcchh)).. IItt iiss ddeessiiggnneedd ffoorrpprroovviiddiinngg bbootthh ddeelliivveerryy ooff ggeennoommiicc ddaattaa sseett oovveerr tthhee GGÉÉAANNTTnneettwwoorrkk aanndd rreelleevvaanntt pprroocceessssiinngg iinn aa ddiissttrriibbuutteedd cclloouuddffaasshhiioonn.. TThhiiss ppaappeerr ssuummmmaarriizzeess tthhee vviissiioonn ooff tthhee pprroojjeecctt,, aannddpprreesseennttss ssoommee iinntteerreessttiinngg eexxppeerriimmeennttaall rreessuullttss..

IInnddeexx TTeerrmmss——CCoonntteenntt ddiissttrriibbuuttiioonn nneettwwoorrkk,, nneettwwoorrkk ffuunnccttiioonnvviirrttuuaalliizzaattiioonn,, cclloouudd ccoommppuuttiinngg,, bbiigg ddaattaa,, ggeennoommiicc ddaattaaaannaallyyssiiss

II.. IINNTTRROODDUUCCTTIIOONNThe increasing scientific and societal needs of using genomic data andthe parallel development of sequencing technologies have made theaccess to genome processing services necessary everywhere. In a fewyears, different fields will make an intensive use of the information storedin genomes of living bodies. Access to this information, which is a typicalbig data problem, requires redesigning procedures used in sectors, suchas biology, medicine, food industry, and others. Since it cannot beexpected that any potential user owns the processing capabilities formassive genome analysis in-house, a cloud approach is envisaged. In addition, due to the large file size (a single raw genome file is in theorder of 3 GB ), it is necessary to control the impact massive genomeanalyses have on transport networks, which could cause bottlenecks.

For this reason, the strategic objective of the project ARES(Advanced networking for the EU genomic RESearch) is to create a novelContent Distribution Network (CDN) architecture supporting all activitiesmaking a large use of genomics data. This CDN is implemented throughnetwork function virtualization (NFV ) caching modules, suitable forhandling the rapidly increasing diffusion of genomic data.

We present the main concepts (Section II) and some experimentalresults of ARES (Section III), highlighting how the proposed innovativeCDN can limit the network footprint of such bandwidth-hungry services.

IIII.. SSEERRVVIICCEE AARRCCHHIITTEECCTTUURREEThe technological pillars of ARES are (see II):

• infrastructure as a service (IaaS) for implementing processing of genomic contents in data centers by virtual machines (VMs), managed through OpenStack tenants;

• software as a service (SaaS) for managing the access of end users to the processing platform (web interface);

• NFV caching modules in routers and in data center VMs, implemented through the NetServ platform ;

• a central orchestration engine (genome CDN manager, GCM), making use of the NSIS signaling for collecting the status of computing resources and caches.

OPEN CALL – SOFTWARE DEFINED NETWORKING

M. Femminella, G. Reali, D. ValocchiDepartment of Engineering (DI)University of PerugiaPerugia, Italy{mauro.femminella,gianluca.reali}@unipg.it,[email protected]

E. NunziDepartment of Experimental MedicineUniversity of PerugiaPerugia, [email protected]


Processing services, implemented in VMs, are usually organized in"pipelines".

The main novelty of ARES consists of network data management,optimized for genomics processing needs. It is based on caching of bothVMs and large auxiliary files (like reference human genomes ), required bygenomic processing. For selecting the data center that will execute thecomputation, the GCM collects information, about data center availabilityand cached contents, through specific NSIS signaling. The policies usedfor allocating computing resources are implemented in the GCM, thatexecutes ad hoc optimization problems, involving content location (bothoriginal and cached ones), data centers with sufficient resources, and thelocation of the genomes to be processed. The optimization problemconsists of minimizing either exchanged network traffic or processingtime. The relevant solutions indicate the locations from which contentsare downloaded and the data center which will host the desiredprocessing. The GCM can thus orchestrate data transfer andcomputation services. In this way, it is possible to tightly control theimpact of the genomic services being delivered over network resources.

IIIIII.. EEXXPPEERRIIMMEENNTTAALL RREESSUULLTTSSExperiments in ARES have been done by referring to the GÉANTtopology, composed of 40 points of presence (PoPs, January 2014), 32of which include a co-located data center, candidate for hosting aprocessing VM.

In the set of experiments shown in what follows, up to five concurrentpipelines can be executed in each data center. In the legacy approachrequests are distributed randomly over nodes. In the ARES strategy,service requests are allocated by following the approach described insec. II, for example minimizing the traffic exchanged, including not onlythe patient genomes, but also VM images and auxiliary files, which canbe stored in the ARES network caches. The sample results shown inIIIdemonstrate a marked decrease, of about 6 times, of the aggregate traffic.


AACCKKNNOOWWLLEEDDGGMMEENNTTARES is supported by GÉANT/GN3plus in the framework of the firstGÉANT open call.

RREEFFEERREENNCCEESS[1] DNA Sequencing Costs. Data from the National Human Genome

Research Institute (NHGRI) Genome Sequencing Program (GSP). <hhttttpp::////wwwwww..ggeennoommee..ggoovv//sseeqquueenncciinnggccoossttss//>

[2] Yandell M., Ence D., "A beginner’s guide to eukaryotic genome annotation," Nature Reviews Genetics, 13(5), 2012.

[3] O’Driscoll A, Daugelaite J., Sleator R.D. "‘Big data’, Hadoop and cloud computing in genomics,” Journal of Biomedical Informatics, 2012, vol. 46, pp. 774–781.

[4] EE Schadt et al., "Computational solutions to large-scale data management and analysis," Nature Reviews Genetics, September 2010, 11(9), pp. 647-657.

[5] "Network Functions Virtualisation (NFV) Network Operator Perspectives on Industry Progress", ETSI, October 2013, hhttttpp::////ppoorrttaall..eettssii..oorrgg//NNFFVV//NNFFVV__WWhhiittee__PPaappeerr22..ppddff.

[6] Femminella M., Francescangeli R., Reali G., Lee J.W., Schulzrinne H.,"An enabling platform for autonomic management of the future internet," IEEE Network, 25(6), 2011, pp. 24-32.

[7] Femminella M., Francescangeli R., Reali G., Schulzrinne H., "Gossip-based signaling dissemination extension for next steps in signaling," IEEE/IFIP NOMS 2012, Maui, US.

Fig. 1. ARES: a big picture. Fig. 2. Benefit introduced by the ARES approach versus arandomized data center selection, as a function of service request rate.

31


http://portal.etsi.org/NFV/NFV_White_Paper2.pdf

http://www.genome.gov/sequencingcosts/

AAUUTTOOFFLLOOWW:: AAUUTTOONNOOMMIICCOOPPEENNFFLLOOWWEEXXPPEERRIIMMEENNTTAATTIIOONN FFRRAAMMEEWWOORRKK FFOORR AAUUTTOONNOOMMIICC SSOOFFTTWWAARREE DDEEFFIINNEEDD NNEETTWWOORRKKSS

AAbbssttrraacctt——AAuuttoonnoommiicc NNeettwwoorrkk MMaannaaggeemmeenntt ((AANNMM)) aannddSSooffttwwaarree DDeeffiinneedd NNeettwwoorrkkiinngg ((SSDDNN)) hhaavvee aappppeeaarreedd aasspprroommiissiinngg tteecchhnnoollooggiieess ffoorr ssiimmpplliiffyyiinngg tthhee mmaannaaggeemmeenntt aannddccoonnttrrooll ooff ttooddaayy''ss hhiigghhllyy iinntteerrccoonnnneecctteedd aanndd ccoommpplleexxnneettwwoorrkkss.. AAlltthhoouugghh iitt sseeeemmss tthhaatt tthheerree iiss aa ssttrroonngg lliinnkkbbeettwweeeenn tthheessee ttwwoo tteecchhnnoollooggiieess tthhaatt ccaann rreessuulltt iinn aann eeffffiicciieennttaanndd uusseeffuull iinntteerrppllaayy,, ccoonnssiisstteenntt jjuussttiiffiiccaattiioonn aanndd ppoossiittiioonniinngg iissssttiillll mmiissssiinngg iinn tthhee eexxiissttiinngg lliitteerraattuurree aanndd iinndduussttrriiaall//rreesseeaarrcchhssttuuddiieess.. TThhee AAUUTTOOnnoommiicc ooppeennFFLLOOWW ((AAUUTTOOFFLLOOWW)) pprroojjeeccttaaiimmss aatt vvaalliiddaattiinngg tthhee ssyynneerrggyy aanndd iinntteerrwwoorrkkiinngg ooff AANNMM aannddSSDDNN ffoorr tthhee mmaannaaggeemmeenntt aanndd ccoonnttrrooll ooff FFuuttuurree NNeettwwoorrkkss bbyyeexxppeerriimmeennttiinngg wwiitthh tthhee iinnssttaannttiiaattiioonn ooff aann OOppeennFFllooww//SSDDNNbbaasseedd AANNMM pprroottoottyyppee,, iinntteeggrraatteedd wwiitthh tthhee OOppeennFFllooww//SSDDNNtteessttbbeedd ooff GGÉÉAANNTT..

IInnddeexx TTeerrmmss——AAuuttoonnoommiicc NNeettwwoorrkk MMaannaaggeemmeenntt;; SSooffttwwaarreeDDeeffiinneedd NNeettwwoorrkkss;; OOppeennFFllooww;; EExxppeerriimmeennttaattiioonn FFrraammeewwoorrkk;;GGÉÉAANNTT;;

II.. IINNTTRROODDUUCCTTIIOONN && MMOOTTIIVVAATTIIOONNThe rapid technological progress and unforeseen increase of highlydynamic and stringent users' traffic demands have brought a remarkablecomplexity in today's telecommunication networks and services. Inconsequence, progressively more complex and interconnectednetworking infrastructures are leading to an increasing difficulty inmanaging multi-vendor environments and services. Resorting to closed,proprietary solutions and patches on top of traditional management andcontrol approaches cannot provide a viable way out for handling suchcomplexity. What is really needed is an intelligent, flexible and cost-effective network and service management solution so that the networkcould be better controlled and efficiently operated. To this end, severalprofound and emerging technologies are currently discussed ininternational research projects and standardization bodies.

Two of the most important ones comprise the main subject of theAUTOFLOW project namely, Autonomic Network Management (ANM)and Software Defined Networking (SDN) . AUTOFLOW intends to studyand shed light on the relationship among ANM and OpenFlow/SDN andmake a position statement with respect to their possible synergy andinterworking for the management and control of future networks (Figure1). Furthermore, the project aims at validating and strengthening theabove positioning by experimenting with the instantiation of anOpenFlow/SDN based ANM prototype in scenarios covering autonomictraffic engineering in core networks.


Kostas Tsagkaris, Vassilis Foteinos, MichalisMichaloliakos, George Poulios, MariosLogothetis, Panagiotis DemestichasDigital Systems, University of PiraeusUPRCPiraeus, Greece{ktsagk, vfotein, mmichal, gpoulios,mlogothe, pdemest}@unipi.gr


IIII.. SSYYNNEERRGGYY OOFF AANNMM AANNDD SSDDNNThese two emerging technologies share motivation and have confluentgoals i.e. better and more efficient control and operation, simplification ofnetwork management and control, focus on innovation and differentiationaspects for vendors, CAPEX/OPEX reduction for providers etc.SDN/OpenFlow can be seen as an enabler for simplifying theintroduction of autonomics into networks and network management i.e.it can be used to inject and track autonomic functions/loops into thenetworks, purpose-wise and freely, but at the same time in a well-definedmanner (API). On the other side, ANM technologies can provide amanagement platform for managing SDNs and software networkapplications featured with autonomics and/or for providing guidelines fordeveloping such autonomic software applications.

IIIIII.. EEXXPPEERRIIMMEENNTTAATTIIOONN FFRRAAMMEEWWOORRKKAANNDD OOUUTTCCOOMMEESSAUTOFLOW’s experimentation framework includes three ANM coreblocks and two Autonomic Control Loops (ACLs), which interact with theFloodlight controller through the developed Northbound API.Governance, Knowledge and Coordination are realized from the ANMcore blocks, while the ACLs are responsible for traffic engineering andload prediction. The ANM Core / ACLs components can be consideredin this case as “SDN applications”, where the complete control of theprogrammable network is rendered feasible with the use of the controller.

The conducted experiments have shown that the proposedintegration of ANM/SDN allows operators to manage their networksefficiently, (un)deploying ACLs in a “plug and play” way, monitoringnetwork elements in real time and enforcing decisions on run time. Thereisn’t a strict constraint on the number of ACLs that can operateconcurrently, while the enforcement of new rules in the network can beconsidered as instantaneous (within just a few seconds). Operators maychoose the desired high level policy (e.g. energy efficiency, loadbalancing) and steer the network’s operation respectively (Figure 2).


IIVV.. CCOONNCCLLUUSSIIOONNThe GN3plus project offers a great opportunity for expanding know-howand research achievements in the area of SDN/OpenFlow, throughexperimenting on a widely recognized, realistic testbed. Takingadvantage of this opportunity, AUTOFLOW intends to extend the GÉANTtestbed and perform focused research and experimentation in order todemystify the relationship between ANM/SDN and showcase thatSDN/OpenFlow capabilities can bring "customizable ANM" into reality.

AACCKKNNOOWWLLEEDDGGMMEENNTThis document has been produced with the financial assistance of theEuropean Union. The contents of this document are the soleresponsibility of AUTOFLOW and can under no circumstances beregarded as reflecting the position of the EU. The authors would likeexpress their gratitude to Dr. Afrodite Sevasti for her valuable support inthe realization of this work.

RREEFFEERREENNCCEESS[1] AUTOFLOW project website, hhttttpp::////ttnnss..tteedd..uunniippii..ggrr//aauuttooffllooww//[2] Autonomic Network Management Principles: From Concepts to

Applications, Edited by N Agoulmine, ISBN 978-0-12-382190-4, Elsevier Academic Press Publications 2011

[3] Open Networking Foundation. (2012, Apr.). Software-defined networking: The new norm for networks [Online]. Available: wwwwww..ooppeennnneettwwoorrkkiinngg..oorrgg//iimmaaggeess//ssttoorriieess//ddoowwnnllooaaddss//wwhhiitteeppaappeerrss//wwpp--ssddnn--nneewwnnoorrmm..ppddff

[4] Floodlight project web site: hhttttpp::////wwwwww..pprroojjeeccttffllooooddlliigghhtt..oorrgg//ffllooooddlliigghhtt//, last accessed 31st of January, 2014

Figure 1: AUTOFLOW introduces ANM to the GÉANT OpenFlow-enabled facility

Figure 2: Transmitted bits per second for the two high level policies(energy efficiency and load balancing), experimenting over theGÉANT testbed.

33


http://www.projectfloodlight.org/floodlight/

https://www.opennetworking.org/images/stories/downloads/sdn-resources/white-papers/wp-sdn-newnorm.pdf


http://tns.ted.unipi.gr/autoflow/

CCEEOOVVDDSS:: EEVVAALLUUAATTIIOONN OOFF AANN SSDDNN--BBAASSEEDD VVIIDDEEOO--OONN--DDEEMMAANNDD DDIISSTTRRIIBBUUTTIIOONN SSEERRVVIICCEE

AAbbssttrraacctt——HHiigghh qquuaalliittyy oonnlliinnee vviiddeeoo ssttrreeaammiinngg,, bbootthh lliivvee aanndd oonn--ddeemmaanndd,, hhaass bbeeccoommee aann eesssseennttiiaall ppaarrtt ooff mmaannyy ccoonnssuummeerrss''lliivveess.. TThhee ppooppuullaarriittyy ooff vviiddeeoo ssttrreeaammiinngg,, hhoowweevveerr,, ppllaacceess aa bbuurrddeennoonn tthhee uunnddeerrllyyiinngg nneettwwoorrkk iinnffrraassttrruuccttuurree.. TThhiiss iiss bbeeccaauussee iitt nneeeeddssttoo bbee ccaappaabbllee ooff ddeelliivveerriinngg ssiiggnniiffiiccaanntt aammoouunnttss ooff ddaattaa iinn aa ttiimmee--ccrriittiiccaall mmaannnneerr ttoo uusseerrss.. TThhee VViiddeeoo--oonn--DDeemmaanndd ((VVooDD)) ddiissttrriibbuuttiioonnppaarraaddiiggmm uusseess aann iinnddeeppeennddeenntt uunniiccaasstt ffllooww ffoorr eeaacchh uusseerrrreeqquueesstt,, rreessuullttiinngg iinn mmuullttiippllee dduupplliiccaattee fflloowwss ccaarrrryyiinngg tthhee ssaammeevviiddeeoo aasssseettss rreeppeeaatteeddllyy.. TToo aaddddrreessss tthhiiss pprroobblleemm wwee ddeessiiggnneeddaanndd iimmpplleemmeenntteedd OOppeennCCaacchhee:: aa hhiigghhllyy ccoonnffiigguurraabbllee,, eeffffiicciieenntt aannddttrraannssppaarreenntt iinn--nneettwwoorrkk ccaacchhiinngg sseerrvviiccee tthhaatt aaiimmss ttoo iimmpprroovvee tthheeVVooDD ddiissttrriibbuuttiioonn eeffffiicciieennccyy bbyy ccaacchhiinngg vviiddeeoo aasssseettss aass cclloossee ttoo tthheeeenndd--uusseerr aass ppoossssiibbllee.. OOppeennCCaacchhee lleevveerraaggeess SSooffttwwaarree DDeeffiinneeddNNeettwwoorrkkiinngg tteecchhnnoollooggyy iinn oorrddeerr ttoo rreedduuccee nneettwwoorrkk uuttiilliizzaattiioonnwwhhiillsstt iinnccrreeaassiinngg tthhee QQuuaalliittyy ooff EExxppeerriieennccee ((QQooEE)) ffoorr tthhee eenndd--uusseerr..OOuurr eevvaalluuaattiioonn oonn tthhee GGÉÉAANNTT OOppeennFFllooww FFaacciilliittyy ((aa ppaann--EEuurrooppeeaannOOppeennFFllooww tteessttbbeedd)) uusseess aaddaappttiivvee bbiittrraattee vviiddeeoo ttoo ddeemmoonnssttrraatteetthhaatt wwiitthh tthhee uussee ooff OOppeennCCaacchhee,, ssttrreeaammiinngg aapppplliiccaattiioonnss ppllaayybbaacckk hhiigghheerr qquuaalliittyy vviiddeeoo aanndd eexxppeerriieennccee iinnccrreeaasseedd tthhrroouugghhppuutt,,hhiigghheerr bbiittrraattee,, aanndd sshhoorrtteerr ssttaarrtt uupp aanndd bbuuffffeerriinngg ttiimmeess..

II.. IINNTTRROODDUUCCTTIIOONN && MMOOTTIIVVAATTIIOONNOnline video streaming (live and on-demand) has seen a huge growth inpopularity during recent years. In 2013, Internet video traffic represented66% of all global Internet traffic, and is predicted to increase to 79% by2018 [1]. At the same time, High Definition (HD) video traffic has alreadysurpassed that of Standard Definition (SD) [2]. Undoubtedly, high qualityonline video streaming has become an essential part of manyconsumers' lives.

In a Video-on-Demand scenario, individuals are able to retrievecontent for playback after the initial broadcast. The growth in VoD traffic,coupled with the trend towards content of higher resolution and quality,presents significant challenges. Currently, VoD requests are handledindividually, leading to an independent flow in the distribution networkserving each user's request. Using such a unicast content deliveryparadigm naively ignores that much of the content, in the order ofgigabytes for a typical HD film, is identical to transmissions minutes,hours or days earlier. In order to efficiently support such VoD streaming,the end-to-end capacity of the network must continuously match theincreasing number of Internet video users and the growing popularity ofhigher resolution content. Mechanisms are therefore sought to improvethe efficiency of VoD distribution.

IIII.. OOPPEENNCCAACCHHEETo address the problem of efficient VoD content distribution we designedand implemented OpenCache (Fig.1); a transparent, flexible and highlyconfigurable in-network caching service for VoD streaming [3].OpenCache's contribution is to provide a programmable service thatallows any caching strategy to be easily deployed within networkinfrastructure. To achieve this goal, OpenCache uses Software DefinedNetworking (SDN) to provide a cache as a service for media content in anefficient and transparent fashion. This is achieved through powerfulinterfaces, designed to directly benefit last mile environments. Byleveraging SDN, and OpenFlow in particular [4], we provide a controlplane that orchestrates the caching and distribution functionalities, andtransparently pushes the content as close to the user as possible withoutrequiring any changes to the delivery methods or the end-hosts.OpenCache does not only increase the video streaming Quality ofExperience (QoE) for the end-user, but also provides a white-box content caching approach that enriches the network administrator’smanagement capabilities.


Panagiotis Georgopoulos, Arsham Farshad,Matthew Broadbent, Nicholas RaceSchool of Computing and Communications,Lancaster University,Lancaster, LA1 4WA, United Kingdom{p.georgopoulos, a.farshad, m.broadbent,n.race}@lancaster.ac.uk

Communication Systems Group, TIK, ETHZurich,Zurich, 8092, [email protected]


IIIIII.. EEVVAALLUUAATTIIOONN OONN TTHHEE GGÉÉAANNTTOOPPEENNFFLLOOWW FFAACCIILLIITTYY ((GGOOFFFF))In order to evaluate the efficacy of OpenCache, we carried out a numberof single and multiple client VoD streaming experiments representingdifferent scenarios over the GOFF (one experimentation deployment isdepicted in Fig. 2). During our experiments the video files are streamedusing an adaptive video streaming technology, namely DASH (DynamicAdaptive Streaming over HTTP) [5].

The main aim of our tests was to evaluate OpenCache's impact onthe network link utilisation and its potential impact on the QoE of the end-users. To this effect, and influenced by related work [6-8], we defined fourkey QoE metrics, namely, (a) startup time, (b) bitrate changes duringplayback, (c) average bitrate achieved during playback (weighted basedon its duration) and (d) minimum bitrate requested during playback. Theresults from our experimentation clearly demonstrate the benefits ofOpenCache that provide two to six times quicker start up time(depending on the scenario) and significantly less bitrate oscillation duringplayback. In addition, the results show that OpenCache increases boththe average weighted bitrate up to three times and the minimum bitrateup to six times, depending on the network link characteristics.

IIVV.. CCOONNCCLLUUSSIIOONNAs is being demonstrated through extensive experimentation on GOFF,OpenCache provides caching very close to the user with three importantcontributions. Firstly, the external link usage is reduced leading to lowertransit traffic costs and improved network utilisation as end-user requestsare now served locally. Secondly, OpenCache reduces the distributionload on the origin content provider and all the transient networks alongthe path between the origin and the end-user. Thirdly, by transparentlycaching the content closer to the end-user, OpenCache minimises thedistance between the VoD streaming server and the user. This providessignificant improvements to the Quality of Experience of the end-user.Our evaluation on GOFF demonstrates that the end-user’s streamingapplication observes higher minimum and average streaming bitrate, less bitrate oscillation and finally, quicker start up and buffering times; key QoE differentiators [6-8].


AACCKKNNOOWWLLEEDDGGMMEENNTTThe work presented in this article has been funded by the EU FP7GN3plus project (FP7-INFRASTRUCTURES-605243) and the EU FP7OFELIA project (FP7-ICT-258365).

RREEFFEERREENNCCEESS[1] “Visual Networking Index: Forecast and Methodology, 2013-2018,”

CISCO, Tech. Rep., June 2014.[2 “Visual Networking Index: Forecast and Methodology, 2011-2016,”

CISCO, Tech. Rep., May 2012.[3] P. Georgopoulos, M. Broadbent, B. Plattner, and N. Race. “Cache as

a Service: Leveraging SDN to Efficiently and Transparently Support Video-on-Demand on the Last Mile”. In: 23rd International Conference on Computer Communication and Networks (ICCCN) 2014, pp. 1-9, August 2014.

[4] N. McKeown, T. Anderson, H. Balakrishnan, G. Parulkar, L. Peterson,J. Rexford, S. Shenker, and J. Turner. “OpenFlow: Enabling Innovation in Campus Networks”. In: ACM SIGCOMM CCR 38 (2) pp. 69-74, 2008.

[5] ISO-IEC 23009-1:2012 Information Technology, Dynamic Adaptive Streaming over HTTP (DASH).

[6] S. Krishnan, and R. Sitaraman, “Video Stream Quality Impacts Viewer Behavior: Infer-ring Causality Using Quasi-experimental Designs”. In: ACM SIGCOMM IMC, pp. 211-224, 2012.

[7] F. Dobrian, V. Sekar, A. Awan, I. Stoica, D. Joseph, A. Ganjam, J. Zhan, and H. Zhang. “Understanding the Impact of Video Quality on User Engagement”. In: ACM SIGCOMM 2011, pp. 362-373, 2011.

[8] X. Liu, F. Dobrian, H. Milner, J. Jiang, V. Sekar, I. Stoica, and H. Zhang. “A Case for a Coordinated Internet Video Control Plane”. In: ACM SIGCOMM 2012, pp. 359-370, 2012.

Fig. 1. OpenCache Architecture Fig. 2. Experimentation Deployment on the GÉANT OpenFlowFacility

35


CCOOMMMMUUNNIITTYY CCOONNNNEECCTTIIOONN SSEERRVVIICCEEFFOORR EE--SSCCIIEENNCCEE

AAbbssttrraacctt——TThhiiss ppaappeerr ddeessccrriibbeess tthhee ccuurrrreenntt rreessuullttss ooff oouurr wwoorrkkiinn tthhee GGNN33pplluuss OOppeenn CCaallll pprroojjeecctt CCooCCoo ((CCoommmmuunniittyyCCoonnnneecctt)).. CCooCCoo iiss aa pprrooooff ooff ccoonncceepptt ffoorr aa nnoovveell oonn--ddeemmaannddccoonnnneeccttiivviittyy sseerrvviiccee ffoorr rreesseeaarrcchh aanndd eedduuccaattiioonn ccoommmmuunniittiieess,,ccoonnnneecctteedd tthhrroouugghh ppaarrttiicciippaattiinngg NNRREENN nneettwwoorrkkss aanndd tthheeGGÉÉAANNTT nneettwwoorrkk.. TThhee CCooCCoo pprroottoottyyppee sseerrvviiccee wwiillll eennaabblleesscciieennttiissttss ffrroomm mmuullttiippllee oorrggaanniizzaattiioonnss ttoo ddyynnaammiiccaallllyy ccrreeaatteevviirrttuuaall pprriivvaattee nneettwwoorrkkss ffoorr sshhaarriinngg rreessoouurrcceess ((ccoommppuuttee,, ddaattaa,,eettcc....)) aanndd sscciieennttiiffiicc iinnssttrruummeennttss..

II.. IINNTTRROODDUUCCTTIIOONNConducting eScience research is a community effort in which theimportance of networked services and facilities, e.g. medical andgenome databases, remote microscopes, visualization facilities, cloudcomputing and storage, is increasing. Discussions with eScience usersrevealed that due to privacy and security issues, services and facilitiesmay not always be exposed via the public Internet. Currently, the setup ofvirtual private networks (VPNs) involves manual processes at a NOC ormultiple NOCs if the services and facilities are located in differentdomains. CoCo will enable scientists to dynamically create a L3VPN forsharing resources without manual intervention of the NOCs and usersdon’t need to have extensive networking knowledge.

A CoCo service can be setup by an end user through a simple andeasy to use web portal, which also includes a REST API that developerscan use in their applications. CoCo automatically sets up and manages avirtual network for a community across multiple domains, consideringmobility and fail-over of network connections. CoCo’s proof of concept isdeveloped on existing testbeds, such as GÉANT’s and SURFnet’s

OpenFlow testbeds, and uses existing state-of-the-art open source SDNframeworks where possible.

Figure 1 shows such a virtual network in blue, which is called a CoCoinstance (1). End users, eScience services, and facilities are located andassociated with various organisations (2). The CoCo service will makesure that networks of the organisations (3), participating NRENs andGÉANT (4) are properly configured to provide a CoCo instance.

IIII.. DDNNAA SSEEQQUUEENNCCEERR UUSSEE CCAASSEEIn 2014 we organised a workshop for researchers in various disciplinesand interviewed some of them in order to understand the added value ofon-demand, multi-domain VPNs created with SDN technology and usefulapplications for eScience. These were the starting point for the designand implementation of a prototype. One specific use case, “DNAsequencer as a Service” was more elaborately investigated to illustratethe business value of the CoCo service in the field of expensive eScienceinstruments where sharing of DNA sequencers is key to the progress inthat research field. Extensive resources are needed for a DNA sequenceras a service, such as storage, processing and connectivity. The CoCo


R. van der Pol, M. KaatSURFnetUtrecht, The [email protected],[email protected]

B.M.M. Gijsen, P. ZuraniewskiTNODelft, The [email protected], [email protected]

Fig. 1. CoCo Architecture


service is a good candidate for providing the on-demand, multi-domainconnectivity incorporated in such an integrated resource managementsolution [1]. Isolation from the internet of the connected equipment inmultiple domains, such as the DNA sequencer, the data storage andprocessing equipment, is a prerequisite. Common VPN technology couldbe used to achieve isolation, but that requires manual configuration byexperts in each domain. A valuable aspect of the CoCo service theeScience researchers mentioned is the ease-of-use to create connectivitythemselves. Also, the increased reusability of the SDN-based solutions forother eScience projects is mentioned as a promising improvement.Figure 2 presents an overview of a technical solution for a DNA sequenceras a Service. It shows the inter-domain architecture of CoCo. Each domainhas an OpenFlow based infrastructure and runs its own CoCo-agent. TheCoCo-agents are extensions of the OpenDaylight SDN controller and areresponsible for topology discovery within a domain and do intra- and inter-domain path calculations. The inter-domain path calculations are based onBGP path information being exchanged between neighbouring domains.The CoCo network core consists of OpenFlow switches. MPLS basedforwarding is used in the core of the network.


The CoCo architecture is based on BGP/MPLS VPNs (RFC 4364 [2]).CoCo offers a L3 IP VPN service. Customer traffic is aggregated andencapsulated with an MPLS label and sent to an egress switch. The coreswitches forward based only on that MPLS label. IP prefix and VPNinformation is exchanged between domains via BGP running in the control plane.

IIIIII.. FFIIRRSSTT CCOOCCOO PPRROOTTOOTTYYPPEE AATT SSCC1144The first prototype of CoCo service was demonstrated during theSupercomputing 2014 conference [3] and the collocated INDIS workshop[4]. This prototype demonstrated that a user with minimal knowledge oncommunication networks can easily create, access, detach or modify aVPN that spans over several sites. This is done via a user-friendly CoCoweb portal that hides the required network switch and controllerconfiguration actions for the user. To simplify the set up process even morean overall network topology is depicted, where the links for the user’s VPNare highlighted (Fig. 3). Via the reachability matrix the user can easily verifythe connectivity of the sites and check that no information can leak to non-participants. The OpenDaylight northbound REST API is used to send therequired forwarding rules to the OpenFlow switches.

The communication towards the (virtual) switches is handled using theOpenFlow Protocol (southbound interface).

The next release of CoCo prototype will enable operations betweenmultiple domains, offering its users more flexibility and functionality. That will require information exchange between CoCo agents residing in different domains. At the end of the project, the code of the prototypewill be released as open source.

RREEFFEERREENNCCEESSIntermediate use cases for the Community Connect (CoCo) service.September 2014,http://www.geant.net/opencall/SDN/Pages/CoCo.aspxRFC4364 BGP/MPLS IP Virtual Private Networks (VPNs).The International Conference for High Performance ComputingNetworking, Storage and Analysis:hhttttppss::////sscciinneett..ssuuppeerrccoommppuuttiinngg..oorrgg//wwoorrkksshhoopp//hhttttppss::////sscciinneett..ssuuppeerrccoommppuuttiinngg..oorrgg//wwoorrkksshhoopp//??qq==ppaappeerrss

Fig. 1. CoCo Architecture

Fig. 2. CoCo Layers Architecture

Fig. 3. CoCo Web portal

37


https://scinet.supercomputing.org/workshop/?q=papers

https://scinet.supercomputing.org/workshop/

MMIINNEERRVVAA:: NNEETTWWOORRKKCCOODDIINNGG IINN TTRRAANNSSPPOORRTTNNEETTWWOORRKKSS

AAbbssttrraacctt——TTrraaddiinngg rreedduunnddaannccyy ffoorr ddeeccrreeaasseedd llaatteennccyy aanndd//oorrrreeccoovveerryy ttiimmee iiss aa ccoommmmoonn ttrreenndd iinn ttooddaayy’’ss ttrraannssppoorrttnneettwwoorrkkss.. AAlltthhoouugghh bbaannddwwiiddtthh rreessoouurrcceess iinn bbaacckkbboonneenneettwwoorrkkss aarree oofftteenn aassssuummeedd ttoo bbee uunnlliimmiitteedd,, wwee aarrgguuee tthhaattooppttiimmaall rreessoouurrccee ppllaannnniinngg iiss eesssseennttiiaall.. HHoowweevveerr,, ooppttiimmaallrreessoouurrccee eeffffiicciieennccyy aanndd iinnssttaannttaanneeoouuss rreeccoovveerryy ffoorr ddiissrruupptteeddccoonnnneeccttiioonnss uuppoonn aa nneettwwoorrkk ffaaiilluurree ccaann bbee rreeaacchheedd oonnllyy wwiitthhccoommpplleexx ccoorree nneettwwoorrkk ooppeerraattiioonnss ssuucchh aass nneettwwoorrkk ccooddiinngg.. IInntthhee MMIINNEERRVVAA ffrraammeewwoorrkk wwee iiddeennttiiffiieedd aa pprraaccttiiccaall sscceennaarriiootthhaatt iiss rreessiilliieenntt aaggaaiinnsstt ssiinnggllee lliinnkk ((aanndd ssttoorraaggee)) ffaaiilluurreess,, wwhheerreessiimmppllee ooppeerraattiioonnss aatt tthhee eeddggee nnooddeess aarree ssuuffffiicciieenntt ttoo rreeaacchh aallllbbeenneeffiittss tthhaatt nneettwwoorrkk ccooddiinngg pprroovviiddeess.. WWee iimmpplleemmeenntteedd tthheenneecceessssaarryy vviirrttuuaall nneettwwoorrkk ffuunnccttiioonnss ffoorr tthhiiss sscceennaarriioo aannddddeeppllooyyeedd tthheemm iinn tthhee GGÉÉAANNTT OOppeennFFllooww FFaacciilliittyy ttooddeemmoonnssttrraattee tthheeiirr bbeenneeffiittss ffoorr vviiddeeoo ssttrreeaammiinngg aanndd ddiissttrriibbuutteeddssttoorraaggee uussee ccaasseess..

II.. IINNTTRROODDUUCCTTIIOONNThe recent trends in hardware design of network devices opened theway for involving in-network modification of user data (i.e., networkcoding). This allows increased throughput, better resource efficiency,lower complexity, robustness against failures and security. However, theexisting implementations of network coding either place thecoding/decoding functionality into the application layer of the end hostsor they need to substantially modify the software running in routers,neither of which is applicable in transport networks. On the other hand,the Software-Defined Networking (SDN) paradigm complements theresilient network coding architectures in a simple way, such that the logiccan be moved to an external controller rather than inside the networkingdevices.

In our proof-of-concept implementation we demonstrateinstantaneous recovery of connections by deploying network codingcapable virtual network functions (NFs) at the edge nodes of the SDNnetwork. This does not require packet retransmission or flow rerouting(i.e., we can completely eliminate the time-consuming post-failuresignaling from the recovery process [1]).

IIII.. TTHHEE MMIINNEERRVVAA FFRRAAMMEEWWOORRKKA survivable routing scheme has three utmost important features: fastrecovery time, simplicity (i.e., low computational and operationalcomplexity) and efficient capacity allocation. For the most widespreadsingle edge failure resilient protection method, the 1+1 path protection -which sends the user data along two disjoint paths (primary and backup)- it is simple to calculate a routing (i.e., disjoint path-pair) and it providesfast recovery from any single edge failure. On the other hand, itconsumes twice as much capacity as the primary path. Severalsurvivable routing schemes were introduced in the past decades whichcould significantly reduce the bandwidth utilization of 1+1. However, theysacrifice either its fast recovery time or, most importantly, its simpleoperation.

In the MINERVA framework, we brought together these merits, andwe propose an algorithm based on network coding to reach near-optimalbandwidth utilization, while maintaining simplicity and fast recovery. Weproved that both the optimal capacity allocation and optimal networkcodes for single edge failure resilient connections can be found inpolynomial time [1]. Furthermore, each optimal solution can be routed ifwe split the data at the source node into two parts A and B, weincorporate redundancy through A�B (� denotes the exclusive OR(XOR) binary operator), and we send the three flows on three carefullychosen end-to-end directed acyclic graphs (DAGs). Figure 1 shows suchDAGs as part of the well-known butterfly network.


Péter Babarczi*, János Tapolcai*, CarolinaFernandez^, Oscar Moya^, Otto Wittner+*MTA-BME Future Internet Research Group,Budapest University of Technology andEconomics, Budapest, Hungary^Distributed Applications and NetworksArea – DANA, i2CAT Foundation, Barcelona,Catalonia (Spain)+Uninett, Trondheim, Norway{babarczi,tapolcai}@tmit.bme.hu,{carolina.fernandez,oscar.moya}@i2cat.net,[email protected]


IIIIII.. IIMMPPLLEEMMEENNTTAATTIIOONN DDEETTAAIILLSSWe identified the following key NFs in order to deploy an arbitrary resilientMINERVA architecture [2]:

• Splitter (M0): forwards incoming packets through two different edges.Placed in s and v4 in Figure1.

• Sequencer (M1): splits the input stream at the source node s into parts A and B and mark each flow with its own MPLS label.

• Merger (M2): receives the same data (i.e. with the same MPLS label) on two incoming edges and forwards a merged, corrected output (in case of missing data at the edges) through its single outgoing edge. See nodes v3 and t in Figure 1.

• Coding/Decoding (M3): both NFs are very similar, as they perform fast packet processing using a simple XOR operation and queues to handle the incoming packets. In an optimal solution, they are always placed at s and t, respectively.

We have deployed the resilient architecture in Figure 1 on the GÉANTOpenFlow Facility, along with two application scenarios, i.e., videostreaming and distributed storage.

In both scenarios we have demonstrated single edge-failure recovery,as the video stream originating at source s can be recovered without anynoticeable disruption at destination t and also by the data flows A, B andA�B being recovered from distributed storage nodes.

Furthermore, single storage failure is also demonstrated in thedistributed storage scenario, where the whole data is recovered evenunder the circumstance of a failed storage node


IIVV.. CCOONNCCLLUUSSIIOONNSSWe believe that the MINERVA framework is a real alternative to 1+1protection in resilient networking, as it not only preserves the simplicity inthe network operations and the recovery time, but it also reduces thecapacity consumption of 1+1 by 20-30%.

RREEFFEERREENNCCEESS[1] Péter Babarczi, János Tapolcai, Lajos Rónyai, and Muriel Médard,

Resilient Flow Decomposition of Unicast Connections with Network Coding, in Proceedings of the IEEE International Symposium on Information Theory (ISIT), pp. 116-120, Honolulu, HI, USA

[2] Péter Babarczi, Alija Pasic, János Tapolcai, Felicián Németh, Bence Ladóczki, Instantaneous Recovery of Unicast Connections in Transport Networks: Routing versus Coding, submitted to Elsevier Computer Networks

Fig. 1. A single link failure resilient connection with source s, destination t. The two data parts are denoted as A and B.

39


MMOOTTEE:: MMUULLTTII--DDOOMMAAIINNOOPPEENNFFLLOOWW TTOOPPOOLLOOGGYYEEXXCCHHAANNGGEE

AAbbssttrraacctt——IInn tthhiiss ppaappeerr wwee ddeessccrriibbee aann aarrcchhiitteeccttuurree ffoorr MMuullttii--ddoommaaiinn OOppeennFFllooww TTooppoollooggyy EExxcchhaannggee ((MMOOTTEE)).. WWee pprreesseenntttthhee iissssuueess,, ddeeffiinnee tthhee rreeqquuiirreemmeennttss aanndd ddeessccrriibbee pprrooppoosseeddaarrcchhiitteeccttuurree.. WWee bbrriieeffllyy ddiissccuussss iimmpplleemmeennttaattiioonn cchhaalllleennggeesswwiitthhiinn tthhee OOppeennFFllooww eennvviirroonnmmeenntt aanndd ccoonncclluuddee tthhee ppaappeerr wwiitthh ddiirreeccttiioonnss ffoorr ffuuttuurree wwoorrkk..

IInnddeexx TTeerrmmss——SSooffttwwaarree DDeeffiinneedd NNeettwwoorrkkiinngg,, OOppeennFFllooww,, MMuullttii--ddoommaaiinn,, TTooppoollooggyy EExxcchhaannggee,, NNeettwwoorrkk MMaarrkkuuppLLaanngguuaaggee,, NNeettwwoorrkk SSeerrvviicceess IInntteerrffaaccee..

II.. IINNTTRROODDUUCCTTIIOONNThe services and capabilities offered by the large-scale multi-domainnetworked environment implies that management of these networks isessential. The (controlling) network elements need to have sufficientinformation to take management decisions in an optimal and cooperativeway. This information therefore needs to be exchanged between differentdomains in an efficient and secure way.

One of the most promising SDN technologies currently is based onOpenFlow protocol and the adoption of multi-domain solutions is one ofthe main challenges. The OpenFlow-based networking solutions do notproperly support multi-domain scenarios, although there are somesolutions such as FlowVisor that can partition multiple OpenFlow-enabled switches over several users. However, this solution is applicableto switches that belong to a single domain only.

On the other hand, an upcoming solution for automated inter-domainnetwork services is the OGF Network Service Interface (NSI). Thisstandardized interface allows communication between different networksbandwidth-on-demand or circuit reservation systems. Several supportingservices are also defined in NSI, e.g. a Discovery Service. The NSIFramework provides a way to do automated inter-domain bandwidthreservations. These inter-domain network services are mainlyimplemented on VLANs. However, the NSI Framework is initially derivedwithout support for OpenFlow.

In this article we present the Multi-Domain OpenFlow TopologyExchange (MOTE) architecture. Besides topology exchange amongOpenFlow domains, the architecture bridges the intra-domain operationsof OpenFlow with the inter-domain provisioning in the Network ServiceInterface (NSI) Framework. The methods for describing and exchangingtopology descriptions will allow users to create and tune end-to-endnetwork connections, even those crossing multiple OpenFlow domains.In this article we focus on the topology exchange, and therefore, the main contributions are as the following:

• The topology exchange architecture that supports topology exchange within a multi-domain OpenFlow/NSI environment.

• The support for different topology representations and formats by individual (OpenFlow) domains.


Miroslav Živković, Paola Grosso, Cees de LaatSystem and Network Engineering GroupInstitute for Informatics, Faculty of ScienceUniversity of AmsterdamAmsterdam, the Netherlands

Freek Dijkstra, Diederik VandevenneInfrastructure Services,SURFsaraAmsterdam, the Netherlands


IIII.. TTOOPPOOLLOOGGYY EEXXCCHHAANNGGEEAARRCCHHIITTEECCTTUURREEThe architecture presented here is based on a generic topologyexchange architecture described in . The main requirements addressedwithin the scope of MOTE are as the following:

• Every administrative domain exclusively controls the way it shares its own topology information

• Domains have the possibility of providing representations of the same topology based on e.g. requesting party

• The topology documents exchanged among different domains are using the same data model.

• The architecture supports security for document exchange and multiple disclosure levels

Our architecture distinguishes three main components:

• TTooppoollooggyy IInnddeexx (TI) is a database that holds pointers to the topology providers and summary information.

• TTooppoollooggyy PPrroovviiddeerr (TP) hosts the topology descriptions. • TTooppoollooggyy CCoonnssuummeerrss (TCs) are the components that use

topologies, e.g. path finding component or lookup components (lookup service).

The architecture supports push/pull model as TCs could register toreceive notifications from TI about the topology updates from particulardomains. Once a notification is obtained, TC uses the topology pointer(URL) from TI, and requests the topology from the domain itself.

The topology documents themselves are therefore not stored at acentralized server, but are rather kept by individual domains. Only thelocation (URL) of the topology document is kept at the central location.Once a request for topology document is obtained, a domain decidesbased on the requesting party what topology information (e.g. full/partial,version) would be provided. The architecture is flexible as theimplementation of our solution may be deployed in different scenarios.

IIIIII.. OOPPEENNFFLLOOWW TTOOPPOOLLOOGGYYDDOOCCUUMMEENNTTSSOne of the challenges to exchange topologies from OpenFlow domainsis that these documents may be in different formats. This stems from thefact that different OpenFlow controllers may be deployed at differentdomains. In order to overcome this we use the OGF Network MarkupLanguage (NML) . The controllers need to parse and interpret receivedNML documents in order to use them locally. Similarly, the controllersneed to convert the local topology representation into NML in order toexchange them.

We have verified the topology exchange architecture byimplementing the prototype at our MOTE testbed. This testbed consistsof a number of OpenFlow-enabled switches deployed at participatingpartners’ laboratories. The deployed controllers are Floodlight and Ryuwhich were extended with the described topology conversionfunctionality.


IIVV.. CCOONNCCLLUUSSIIOONNSS AANNDD FFUUTTUURREEWWOORRKKWe successfully deployed the topology exchange solution that embracesOpenFlow domains. We plan to extend our work (OpenFlow TC) suchthat it accommodates end-to-end network connections across multipleOpenFlow/NSI domains.

AACCKKNNOOWWLLEEDDGGMMEENNTTThis work has been carried out within the scope of GN3plus projectMOTE. The authors kindly acknowledge the useful discussions with Ralph Koning and Stavros Konstantaras from the SNE group at theUniversity of Amsterdam.

RREEFFEERREENNCCEESS[1] Open Networking Foundation, “Software-Defined Networking:

The New Norm for Networks”, published online at hhttttppss::////wwwwww..ooppeennnneettwwoorrkkiinngg..oorrgg//iimmaaggeess//ssttoorriieess//ddoowwnnllooaaddss//ssddnn--rreessoouurrcceess//wwhhiittee--ppaappeerrss//wwpp--ssddnn--nneewwnnoorrmm..ppddff

[2] R. Sherwood, G. Gibb, K.-Kiong Yap, G. Appenzeller, M. Casado, N. McKeown, G. Parulkar† “FlowVisor: A Network Virtualization Layer”, Technical report, 2009.

[3] Open Grid Forum (OGF) hhttttppss::////wwwwww..ooggff..oorrgg//[4] G. Roberts, T. Kudoh, I. Monga, J. Sobieski, C. Guok, J. MacAuley

“Network Services Framework v2.0”, hhttttpp::////wwwwww..ooggff..oorrgg//ddooccuummeennttss//GGFFDD..221133..ppddff

[5] R. Koning, M. Živković, S. Konstantaras, P. Grosso, C. de Laat, F. Iqbal, F. Kuipers, “Architecture for Exchanging Topology Information in Multi--domain Networked Environments”, unpublished.

[6] J. vd. Ham, F. Dijkstra, R. Lapacz, J. Zurawski, “Network Markup Language Base Schema Version 1”, hhttttpp::////wwwwww..ooggff..oorrgg//ddooccuummeennttss//GGFFDD..220066..ppddff

[7] Floodlight, Open SDN controllerhhttttpp::////wwwwww..pprroojjeeccttffllooooddlliigghhtt..oorrgg//ffllooooddlliigghhtt//

[8] RRyyuu,, hhttttpp::////oossrrgg..ggiitthhuubb..iioo//rryyuu//

41


http://osrg.github.io/ryu

http://www.projectfloodlight.org/floodlight

http://www.ogf.org/documents/GFD.206.pdf

http://www.ogf.org/documents/GFD.213.pdf

https://www.ogf.org/




SERVICES

Figure 1 – International eduroam authentications by destination

EEDDUURROOAAMM,, EENNAABBLLIINNGGAA GGLLOOBBAALLLLYY IINNTTEERRCCOONNNNEECCTTEEDD RR&&EE VVIILLLLAAGGEE

students and researchers. With its rapid,automatic connections and the ability toconnect to a hotspot without needing tofind and enter usernames andpasswords, many millions of R&E usersare taking advantage of the service every day.

In the last quarter eduroamsupported over 450 million successfulaccess authentications – nearly 5 millionevery day and most importantly over 50million of those were international usersconnecting to eduroam outside their“home” country – that’s over 500,000international authentications a day! As

Wi-Fi access has rapidlybecome an essentialservice for anyoneworking or travelling.

The ability to turn-on and instantlyconnect is now expected and placeswhere Wi-Fi is unavailable are theexception. Everywhere from coffeeshops to buses can now offer Wi-Fi butfrequently these services are hard tofind, harder to connect to and offeruncertain performance and security.

In this Wi-Fi enabled world, theeduroam® service has rapidly grown tobecome the default access method for

the authentication map shows, eduroamis supporting R&E across the wholecontinent.

These “roaming” connectionsdemonstrate how eduroam is helping tosupport a global R&E village withstudents and researchers workingtogether whenever, and wherever theyneed to be.

For more information on howeduroam is supporting global R&Evisit wwwwww..eedduurrooaamm..oorrgg

http://www.eduroam.org

43

SERVICES

CCYYPPRRUUSS AANNDD IITTSSEENNVVIIRROONNMMEENNTTAALLIIMMPPAACCTT

WordsNikoletta Tsioroli& PetrosIoannou, SpecialScientists,CYNET

environmentally positive alternative,explore new innovations in Green ICT aswell as the reduction of the overall powerconsumption and increase energyconservation and energy efficiency. Theinformation and goals will then bepresented to the CYNET subscribers inan effort to raise awareness thusimproving the environment in a largerscale as well as reduce the CarbonFootprint.

Communication Technologies (ICT) toimprove the environmental sustainabilityof the organization, as well as of thewider community.

CYNET participates in the GEANTproject particularly “The Greening ofServices” activity which is seeking tomake the environment greener. For thefirst time CYNET created anEnvironmental Sustainability Policy and iscommitted to facilitate its gradualimplementation. The policy includesdissemination and sharing of informationamong CYNET employees/subscriberson environmental issues, implementationof Green House Gas (GHG) audits,promotion of the use of appropriate ICTservices/infrastructures as an

Cyprus is a small andadaptable free-marketeconomy with a positivelong-term outlook despite

the current challenging environment. The island, strategically located at thecrossroads of three continents,promotes itself as the business gatewaybetween Europe, Asia, the Middle Eastand Africa especially with its ICTinfrastructure. Cyprus has madesignificant advances in its environmentalinfrastructure. Its island status, results insignificant challenges for water supply,waste management and energy supplywhich constitutes one of the mostimportant sectors as far as the economyis concerned, but also with regards tothe national strategy/security.

The environmental policy of Cyprushas been revised in recent years, as aresult of the harmonization process withthe European Union. Cyprus has ratifiedthe Kyoto Protocol on climate changeand the Cyprus Institute of Energy (CIE)was founded in 2000 and is involved inseveral programs, cooperates with otherinternational organizations with commongoals, undertakes applied research andoffers technical guidance andinformation. Generally, it conducts awide range of activities regardinginformation, promotion and utilization ofnew Innovative Energy Technologies andespecially Renewable EnergyTechnologies.

Cyprus Research and AcademicNetwork - CYNET, is in an ideal positionto utilize Information and

For more information visithhttttpp::////wwwwww..ccyynneett..aacc..ccyy

http://www.cynet.ac.cy


EENNAABBLLIINNGG UUSSEERRSS ––EEDDUUGGAAIINN WWOORRKKIINNGG WWIITTHHTTHHEE RR&&EE CCOOMMMMUUNNIITTYY TTOOSSUUPPPPOORRTT CCOOLLLLAABBOORRAATTIIOONN

LLuukkaass HHaammmmeerrllee,, PPrroojjeecctt LLeeaaddeerr ““EEnnaabblliinngg UUsseerrss””,, GGÉÉAANNTT wwaass iinntteerrvviieewweedd bbyy KKaarrll MMeeyyeerr

SSHHOORRTT BBIIOO OOFF LLUUKKAASSLukas Hämmerle studied electricalengineering and informationtechnology at the Swiss Institute ofTechnology (ETH Zurich). Aftergraduating in 2004, he joinedSWITCH to help build and operatethe national authentication andauthorization infrastructureSWITCHaai. Lukas has beeninvolved with GÉANT since theGÉANT 2 project, where the initialplanning and development foreduGAIN started.

SERVICES

45

SERVICES

LLUUKKAASS,, WWHHYY DDOO WWEENNEEEEDD AA TTEEAAMMFFOOCCUUSSEEDD OONNEENNAABBLLIINNGG UUSSEERRSSAANNDD WWHHAATT DDOOEESSTTHHIISS MMEEAANN??An increasing number of federations arebecoming members of eduGAIN and itsoverall coverage is growing but until theusers and service providers understandhow to use eduGAIN, the benefits canbe limited. Our team worked with thevarious research communities to helpthem get the most out of eduGAIN,benefit from the opportunities it offersand in particular work on some morecomplex use-cases.

WWHHAATT DDIIDD TTHHEE TTEEAAMM DDOO??In brief, the task’s main objectives are:

• To act as an expert partner for research communities wishing to use eduGAIN

• To build a knowledge database focused particularly on supporting the needs of user communities;

• To promote the increased use of federated login via eduGAIN.

WWHHAATT HHAAVVEE YYOOUULLEEAARRNNEEDD??Our team worked closely with fiveEuropean research communities. Thishelped us understand the technical andorganisational needs of thesecommunities.

Our work highlighted that many ofthe issues can be technically solvedtoday, but the deployment of thesesolutions, and the decision-makingprocess preceding it, often takes longerthan expected. Many researchcommunities first need to familiarisethemselves with the fundamentalconcept of federated identitymanagement and authentication andauthorisation infrastructures (AAI) beforethey can understand their advantagesand limitations.

WWAASS TTHHEE PPRROOJJEECCTTVVAALLUUAABBLLEE??All parties involved found thecollaborative and consultancy process tobe beneficial, clearly showing that thereis a demand for GÉANT to offer apermanent consultancy service.The requirement for accessmanagement for research has become amajor issue in science. AAI providersneed to understand the needs of thescientific communities, while scientificcommunities should develop theirunderstanding of the benefits offederated identity management and AAIand what providers can be expected todeliver.

This approach therefore involvesGÉANT becoming a collaborativepartner of research communities toactively help them make use of AAItechnologies to benefit Research andEducation collaboration across Europeand worldwide.

CCEERRNNCERN, the European Organization for Nuclear Research[CERN], is active in high-energy physics research. Alarge community consisting of over 10,000 physicistsfrom more than 60 countries collaborate to process thehuge amount of data produced. Most of these scientists,who are located all over the world, require remoteaccess to the data that these experiments generate.

The Enabling Users Task helped CERN to:

• Connect their ADFS-based identity management via the Swiss identity federation to eduGAIN to allow bilateral access to and from CERN services and identity providers operated in eduGAIN.

• Contribute to formulating a new policy for a more formalised incident handling in eduGAIN.

The main benefit for CERN employees will be thepossibility of using their CERN user account to accessand use web services operated by universities andresearch institutions. At the same time, CERNcollaborators could use the user account issued to themby their home institution to access some of CERN’s web services


SERVICES

Traditional legacy IT solutions nolonger meet the needs of theeducation sector, which is lookingto collaborate and manage criticaldocuments more easily andsecurely from anywhere and onany device. Our partnership withJisc removes the barriers to cloudadoption within the educationsector by delivering a platform thatsupports education programmesand strategies.” Jisc places astrong emphasis on creatingenvironments that fosterproductivity through user-centeredand secure tools. Box met thecriteria set by Jisc and hasbecome the preferred collaborativecloud platform for UK universities.Box makes it easy for more than27 million individuals at 240,000businesses around the world toshare and collaborate acrossdevices, while providing ITdepartments with unparalleledinsight and control. With today’sannouncement, Jisc joins agrowing number of industries thathave chosen Box, including theUK government, which deployedBox to its G-Cloud portal in 2013.The Box platform is available todayto universities in the UK,exclusively through Jisc.

WWHHAATT DDOOEESS BBOOXXOOFFFFEERR AANNDD HHOOWW CCAANNRREESSEEAARRCCHH AANNDD EEDDUUCCAATTIIOONNCCOOMMMMUUNNIITTIIEESS UUSSEETTHHEE SSEERRVVIICCEE??Box offers easy collaboration betweenstudents, teachers, and faculty. Userscan collaborate and share informationfrom anywhere, work together on teamprojects, audit, monitor and controlinformation without worrying aboutlosing content. Specifically BOX enables:

• granular authentication• team collaboration• easy integration with applications • document management • and security

WWHHAATT WWOOUULLDD YYOOUUSSAAYY AARREE TTHHEE KKEEYYBBEENNEEFFIITTSS OOFF TTHHEE BBOOXXSSOOLLUUTTIIOONN??With Box, you get secure cloud storage,sharing and collaboration on any device.Companies and education institutionsrely on Box because it's secure, workson any device and scales to meet theneeds of small businesses and Fortune500 companies as well as specificvertical sectors - like the Educationspace. Our recent agreement with Jiscdemonstrates how Box is committed toworking with R&E providers to supporttheir staff, researchers and students.

BBOOXX IISSNN’’TT JJUUSSTTAABBOOUUTT FFIILLEE SSTTOORRAAGGEEAANNDD SSHHAARRIINNGG,, TTEELLLLMMEE AABBOOUUTT BBOOXX AAPPPPSSAANNDD HHOOWW CCAANN RR&&EEBBEENNEEFFIITT FFRROOMM TTHHIISSAAPPPP MMAARRKKEETTPPLLAACCEE??More than 35,000 developers arebuilding services on the Box platformtoday. Every month, 1 billion third-partyAPI calls are made to the Box platform.Box’s OneCloud ecosystem of mobileproductivity apps passed 1,000 platformpartners in 2014. Over the last year,usage of third-party apps by Boxcustomers has increased significantly.

WWHHEERREE DDOO YYOOUU SSEEEETTHHEE CCLLOOUUDD SSEERRVVIICCEESSIINNDDUUSSTTRRYYDDEEVVEELLOOPPIINNGG OOVVEERRTTHHEE NNEEXXTT FFEEWWYYEEAARRSS??Every industry is experiencinginformation-driven transformationdifferently. The first wave of the cloudempowered people to be more mobile,productive and collaborative. Now wehave an opportunity to move beyondorganic, user-driven productivity gains,and change the very processes andeven businesses models that define theway organizations and institutionsacross verticals operate and compete.

BBOOXX –– WWOORRKKIINNGG WWIITTHH RREESSEEAARRCCHH AANNDD EEDDUUCCAATTIIOONNAACCRROOSSSS EEUURROOPPEE DDaavviidd QQuuaannttrreellll,, SSVVPP aanndd GGMM ooff EEMMEEAA,, BBooxx iiss IInntteerrvviieewweedd bbyy KKaarrll MMeeyyeerr,, PPrroodduucctt MMaarrkkeettiinngg aanndd CCoommmmuunniiccaattiioonnss OOffffiicceerr

47

SERVICES

In September 2014 Jisc launched Box as its first ever file sync andshare (FSS) cloud solution, on its Dynamic Purchasing System(DPS). Having completed a rigorous pre-screening, Box is nowavailable through the Jisc portal to more than 134 Higher andFurther Education institutions in the UK. “Research and educationorganisations across our community want access to collaborativesync and share facilities and there is an increasing need forsecurity, particularly for IP protection and data storage within theeducation sector,” said Daniel Perry, director of product andmarketing at Jisc.“Box addresses this need and we areencouraging suppliers to use the platform not only for FSS but alsofor it’s rich collaborative capabilities.” David Quantrell, Box seniorvice president and general manager of EMEA, said:

Jisc places a strong emphasis on creating environments thatfoster productivity through user-centered and secure tools. Boxmet the criteria set by Jisc and has become the preferredcollaborative cloud platform for UK universities. Jisc now joins agrowing number of industries that have chosen Box, including theUK government, which deployed Box to its G-Cloud portal in2013. The Box platform is available today to universities in the UK,exclusively through Jisc.

DDAAVVIIDD QQUUAANNTTRREELLLL,, SSVVPP AANNDD GGMM OOFF EEMMEEAA,, BBOOXX David is Senior Vice President and General Manager of EMEA atBox, where he is driving the company's continued expansionacross Europe. Most recently, David was President, EMEA, forMcAfee which was sold to Intel in 2011. Prior to joining McAfee, hewas Vice President EMEA for HP software, led all aspects of EMEAbusiness for Mercury Interactive, served as President EMEA NetIQ,and held the role of Vice President EMEA for Nortel Networks andVice President of EMEA at Clarify.

David received his Bachelor's degree in Electrical and ElectronicEngineering from Liverpool University.

For more information check outthe Box Education webpage -hhttttppss::////wwwwww..bbooxx..ccoomm//eenn__GGBB//iinndduussttrriieess//eedduuccaattiioonn and visithttp://clouds.geant.net to findout how Box can support yourteams.

AABBOOUUTT BBOOXX:: Box’s mission is to makebusinesses of all sizes moreproductive, competitive, andcollaborative by connectingpeople and their mostimportant information. Morethan 32 million people at275,000 businesses,including 99 percent of theFortune 500, use Box todayto share, manage and accesstheir content globally. Contenton Box can be securelyshared and easily accessedon the web, through iOS,Android and Windows Phoneapplications, and extended topartner applications, such asGoogle Apps, NetSuite andSalesforce. Headquartered inLos Altos, CA, Box isprivately held and backed byseveral leading venture capitalfirms and strategic investors.

http://clouds.geant.net

https://www.box.com/en_GB/industries/education

https://www.box.com/en_GB/industries/education


SERVICES

well as to gain visibility into unsanctionedones. Netskope allows IT to find all thecloud services that are in use across theinstitution, understand usage of thoseservices at a detailed level, and secureusage by enforcing granular policiessuch as “Don’t allow content upload toany file-sharing service if the content ismarked “Confidential”.

With Netskope, IT can now take ascalpel, rather than a sledgehammer, tounfettered cloud usage. Instead ofsaying “no,” they can say “yes” to cloudservices while cutting out the riskyactivity and keeping sensitive contentsecure. By helping IT to safely enablesanctioned apps while discovering andsecuring usage in unsanctioned ones,Netskope helps institutions to move atthe pace of research and collaborationwhile keeping data safe.

Find out how Netskope can helpyour organisation manage CloudServices at wwwwww..nneettsskkooppee..ccoomm or readour handy guide Cloud Security forDummies. Email Sue Goltyakova(ssuuee@@nneettsskkooppee..ccoomm) for your freecopy.

Cloud with Confidence™ withNetskope. We wrote the book on Cloud Security.

Higher education and researchinstitutions are adopting thecloud in a big way. Fromstreamlining university

operations to collaborating on research,higher education employees andresearchers are using the cloud to workfaster and more flexibly than ever before.However, while IT has responsibility formanaging some cloud services,individuals and departments are nowmore than ever able to procure,administer and use cloud serviceswithout involving IT, and without jumpingthrough hoops to find budget.

Increased productivity is a goodthing, but it can present new problems.The popularity of the cloud has led toapp “sprawl”, with an averageorganisation running 613 cloud services,only about 10% of which are known toIT. The unmanaged cloud service usagecan disguise or hide risky or non-compliant behaviour, which can lead tothe exposure of sensitive content suchas proprietary research or intellectualproperty.

Netskope provides organisationswith solutions to safely enablesanctioned cloud services, such as Box,Azure and Amazon Web Services, as

NNEETTSSKKOOPPEE –– CCLLOOUUDD WWIITTHH CCOONNFFIIDDEENNCCEE

http://www.netskope.com

49

SERVICES

BBAANNDDWWIIDDTTHH OONN DDEEMMAANNDD EEXXPPAANNDDSS IITTSSRREEAACCHH

The global collaboration of bandwidthon demand services (which includesGÉANT Bandwidth on Demand)reached another milestone with over300 connections now being createdevery month. With over 23 domainsacross the globe now incorporated intothe scheme (including Japan and theUSA) the BoD service provides a hugelyflexible service for regional andinternational research collaborationefforts.

The primary benefit of BoD is that itgives the power and control over thenetworking to the researchers ratherthan relying on NREN support teams tomanage connectivity. This increases the flexibility of the services and allowsthe network to respond to the needs of R&E.

“Bandwidth on Demand is going fromstrength to strength with more and moredomains being added and new usersdiscovering how to benefit from itsflexibility and global reach”. TanguiCoulouarn, Product Manager Bandwidthon Demand, GÉANT.

To find out more about the GÉANTBandwidth on Demand service and howit can help you go tohhttttpp::////bboodd..ggeeaanntt..nneett.

NNSSII -- AA KKEEYYEENNAABBLLEERR OOFF SSDDNN In recent years the SoftwareDefined Networking (SDN)concept has become a hotresearch topic. In SDN,network intelligence is movedout of network switches andinto a centralized controller,empowering the user to buildvirtualized networkcapabilities on demand. NSIhas become a key enablersupporting software definednetworking in the NRENcommunity.

When NSI was firstenvisaged, the objective wasa system that would allowexisting dynamic circuitservices to interoperate via awell-defined andstandardized interface. It isnow possible to requestcircuits that can transitnetworks using diversetechnologies such asOSCARS, GÉANT BoD andJapan’s G-lambda. Anotherobjective of NSI was toprovide an API for userapplications to directlyrequest this end-to-endconnectivity – this is now alsosupported by NSI v2.0

CCEERRNN WWOORRKKIINNGG WWIITTHH GGÉÉAANNTT GÉANT is an active player to serve the networkneeds of the WLCG (Worldwide LHCComputing Grid) for the analysis of the dataproduced LHC experiments. The WLCG iscomposed of nearly 500 sites across the globewith CERN and 13 other major sites at the core.The LHCONE network has been developed toconnect from the centre to the smaller sites.Within the LHCONE, ESNET is coordinating thedevelopment of a dynamic bandwidth allocationservice. This new service, using the NSIprotocol, is built on top the BoD service andother similar services. This lets applicationscontrol network resources in a much moreefficient and deterministic way.

http://bod.geant.net


COMMUNITY NEWS

PARTICIPATE IN TNC15!

51

COMMUNITY NEWS

The GÉANT Project will play animportant role in the upcoming annualnetworking conference, TNC. Withfifteen papers across multiple sessions,various hot topics will be discussed,such as ‘Open Calls – GeneratingInnovation with Impact’; One StopShop: Bringing Scientific CommunitiesTogether’ and ‘Networking the SquareKilometre Array’.

The Project has been a long-timesupporter of TNC, which over the yearshas become the largest networkingconference for research and education,attracting ever more decision makers,managers, network and collaboration

specialists, and identity and accessmanagement experts from researchorganisations, universities andindustry.

TNC15 will be held in Porto,Portugal from 15-18 June. You arewelcome to participate by:

• submitting a proposal for a 5-minute lightning talk or a poster presentation (deadline 15 April);

• sending demonstration proposals to: [email protected](deadline 15 April);

• registering to attend in person (early bird discount until 23 February);

• following live streams online if you can’t attend in person;

• following #TNC15 on social media during and before the event.

‘CONNECTEDCOMMUNITIES’THEMEToday, national research and educationnetworks are at an exciting crossroadsin society. They provide the basicinfrastructure on which big science andbig data build, but they also address therequirements of ever-increasing andmore diverse communities of Internetusers. Many questions remain achallenge, at a time when privacy andsecurity are not a given. This year’sTNC will address such topics throughkeynote speeches, technical sessions,lightning talks and demonstrations.The programme is now available online.

KEYNOTESPEAKERS:• John Day, University of Boston,

United States - Connected communities need strong

foundations • Manfred Laubichler, Arizona State

University, United States - Detecting innovation in networks of collaboration: a graph theoretical approach

• Sarah Kenderdine, National Institute for Experimental Arts, Australia - Cultural data in the age of experience

• Timo Lüge, Social Media For Good - Disaster response in a connected world

• Avis Yates Rivers, Technology Concepts Group Intl. - Unconscious Biases: Addressing Stealth Barriers to Innovation & Productivity

• João Paulo Cunha, University of Porto, Portugal - Porto: A living lab for future Internet in future cities

SPONSORS ANDEXHIBITORSIf you would like to become asponsoring partner / exhibitor, pleasecontact Gyöngyi Horváth [email protected], or call +31 (0)20 530 4488.

FURTHERINFORMATIONVisit https://tnc15.terena.orgfor registration and all otherinformation.

https://tnc15.terena.org


COMMUNITY NEWS

THE MANY BENEFITSOF SECONDMENTAND WHY IT MIGHTBE FOR YOU!

Jan Kohlrausch is Senior IncidentHandler and Researcher at the DFN-CERT, Germany. Over the last fewyears his main objectives have beenincident handling, disclosure ofsecurity advisories and thecoordination and work on national and European research projects.

TELL US ABOUT YOURSECONDMENTFrom July to December 2014, I was aSecurity Officer - part of theInformation & Infrastructure SecurityTeam, at GÉANT in Cambridge, UK.The role comprised the review andformulation of security policies,planning for an ISO 27001certification process and establishing atrust relationship with the EuropeanCERT community (Trusted Introducercertification).

WHAT MADE YOU DECIDETO TAKE PART?I had previously worked on theSecurity Activity of the GÉANT projectand wanted to take the chance toextend the close collaboration betweenDFN/DFN-CERT and GÉANT.Personally, it was an excitingopportunity to gain new experiencesand to live in a renowned BritishUniversity city.

BENEFITS TO YOURCAREER?I was able to increase my experiencesin the area of Information Security(e.g. ISO 27001) and networkoperation and to establish newcontacts.

HOW DO YOU THINK ITBENEFITS YOUR NREN?The protection of the internet whichincludes the infrastructure of GÉANTand DFN is a collaborative effort. Thesecondment opens the door to extendthis and helps initiate new projects,for example, improving the detectionand mitigation of multi-domainattacks such as distributed denial ofservice (DDoS) attacks.

BEST BITS?The combination of gaining newexperiences and living in Cambridge.It was an exciting opportunity for me.It was very well organised andsupported and I particularly enjoyedthe work and environment. I woulddefinitely recommend it to others.

JAN KOHLRAUSCH

In every aspect of its development, management andhow it is used, the GÉANT network is founded on anddriven by collaboration. From the services that supportit to the world-class science it enables, GÉANT is acollective effort, connecting teams of talented peopleacross the networking industry and throughoutEuropean research and education.

Bringing networks and people together is thereforecentral to the GÉANT project. This year the project isenthusiastically encouraging people to take upsecondments across the community.

Experience shows that the movement of people isone of the most effective ways to transfer knowledge,and the benefits to all involved are myriad.

CONNECT caught up with GÉANT secondees - pastand present - to find out what it’s like to take this boldcareer step, how it facilitates the exchange of bestpractice and the benefits it delivers to both the host andoriginal employers.

We hope it will inspire the National Research andEducation Network (NREN) community to join ourinterviewees Jan and Ivan, who are increasing thetransfer of skills, camaraderie and know-how acrossresearch and education networking.

53

COMMUNITY NEWS

NETWORKINGPEOPLESays Linda Mesch, GÉANTProgramme Management Officer

“When implemented effectively, thepotential benefits of secondment toall parties is great. The secondeeemployee enjoys valuable personaland career development and gets theopportunity to acquire extensiveexperience, confidence and skills.

The secondee’s home NRENgains enhanced employee skills andwider, improved networks, whichcan be built upon at GÉANT eventsthroughout the year. This opens thedoor to new opportunities forcollaborative ideas and problemsolving.

The host organisation – in thiscase GÉANT - attains immediateskills, opportunities to increase andshare knowledge and an externalperspective. In all cases, cross-functional communications arelikely to be hugely improved.

We hope more members of theNREN community will create andtake advantage of secondmentsacross the GÉANT consortiumwherever possible.”

For more information aboutseconding at GÉANT inCambridge, please [email protected]

Bulgarian Ivan Garnizov works forRRZE Friedrich-Alexander-Universität Erlangen, Germany asubcontractor of DFN. He is engagedwith perfSONAR deployments andsupport, implementation of GÉANTproducts and in participating andleading many organisational tasks.

TELL US ABOUT YOURSECONDMENTI received an inquiry from GÉANT‘Cambridge CIO, Anand Patil asking ifI was interested in a secondment. Itwasn’t an easy decision for me, withfamily and my two princesses at home.However, knowing it would help mycurrent tasks and hoping I could putmy existing GÉANT knowledge to thetest, I decided to go for it.

We agreed it should not overlapwith the next project, so we arranged asecondment for five months (whichwas later extended by one month).

Working closely with GÉANT ITand Operations teams in Cambridge, Ihave discovered a lot of open mindedprofessionals, who are alsoconsiderate, caring and patient. Ialways find myself very welcome inmeetings and was pleased to be invitedto the office Christmas party.

From the beginning, the teamreally put me at ease and are flexiblewith fairly regular visits home.GÉANT took care of arranging thewhole secondment, which made thedecision much easier.

BEST BITS ABOUT IT?The ability to work and share ideaswith open minded experts and getinside the processes. It is really easy towork with all the teams.

I wouldn’t be able to list them all,but I also enjoy being able to talk withthe CTOs, PMO, Training, PartnerRelations and Support teams. Iespecially like the big, sociablekitchen, where you could easily findyourself with the CTO, CIO andpeople at all levels, chatting overcoffee or a lunch break.

HOW DO YOU THINK ITWILL BENEFIT YOURNREN?It’s a little early to make conclusions.However, I believe the benefit willcome from my well establishedcontacts and good connections withinthe various GÉANT teams.

ANYRECOMMENDATIONS?Get on your bike and get in touch(http://linkd.in/1I7CjhM). I knowplenty of tracks and interesting placesaround Cambridge!

IVAN GARNIZOV

[email protected]


COMMUNITY NEWS

TRUST AND FEDERATED ACCESSIN ROADMAP TOPRESERVING DIGITAL CULTURALHERITAGE

55

COMMUNITY NEWS

carried out by the institutions and howaccess management is carried out bythe service providers is left up to therespective parties.

Considerable technical expertise isrequired to set up the infrastructureallowing federated access (installing anidentity provider [IdP] or a serviceprovider [SP]). This is a potentialbarrier in the digital cultural heritagecontext, due to the lack of technicalresources in this sector. However,federated access can also bring anumber of benefits, such as scalability,increased security, and mechanisms toestablish trust among the participatingparties. To facilitate the adoption offederated access in this community, itis important for the digital culturalheritage stakeholders to act as acommunity as much as possible, and toengage with the R&E federationoperators.

The main recommendations fromthe report can be found in the tablebelow.

The DCH-RP (Digital CulturalHeritage-Roadmap forPreservation) projectdelivered a ‘Roadmap for

Preservation’ that fundamentallyaddresses the use of existing andemerging e-infrastructures for thepurpose of long-term, reliable data andmetadata preservation. It could becomeinstrumental when approaching policymakers and national authorities to getsupport for the creation of an e-infrastructure that is able to meet therequirements of the cultural heritagecommunity.

Defining the PreservationRoadmap for DCH encompassed anumber of activities includingexploring the state of the art in culturalheritage and e-infrastructure,developing a registry of services andtools, investigating how Infrastructureas a Service (IaaS) can contribute todigital preservation services for DCHand considering how standards andinteroperability principles can be

adopted by the cultural heritage and e-infrastructure communities. Inaddition, the Roadmap wassupplemented by practical tools fordecision makers, including bestpractices to promote futureinteroperability and the adoption ofcommon standards, tools, approachesand business models.

One of the aspects identified in theRoadmap is the need for a mechanismfor creating trust between the DCH-RPinstitutions and the e-infrastructureproviders. This is to be achieved byagreeing on policies as well as on theadoption of specific technologies, oneof which is federated access.

GÉANT’s Amsterdam office(formerly TERENA) was a DCH-RPproject partner whose role was toprovide a set of recommendations onthe adoption of federated access.Federated access provides the technicaland policy framework to allow servicesto be shared in a trustworthy fashionacross borders. How authentication is

ABOUT DCH-RPDCH-RP (Digital CulturalHeritage Roadmap forPreservation) was a 13-partnerproject supported by the EC FP7e-Infrastructures Programme. It aimed to harmonise datastorage and preservation policiesin the digital cultural heritagesector; to progress a dialogue andintegration among institutions, e-Infrastructures, research andprivate organisations; and toidentify models for thegovernance, maintenance andsustainability of the integratedinfrastructure for digitalpreservation of cultural content.The project concluded in October 2014.http://www.dch-rp.eu/

Recommendations Actors

Use a managed service to operate your IdP, whethera commercial offering (such as OpenAthens, Gluu,Ping Identity and equivalent) or one offered by theNRENs (such as GARR’s IdP in the Cloud).

DCH-RP community

Engage more actively with national R&E federationoperators and ensure that funding is allocated to thefederations for support activities.

DCH-RP community

Avoid the use of digital certificates; if services requirea digital certificate (i.e. grid facilities), use solutionslike the e-CSG to hide the complexity.

Resource providers

The use of social network identities should not bediscarded; there may be applications for which asocial network account is sufficient.

Resource providers

Applications should use simple graphic interfaces,rather than command line, to encourage wider use.

Applicationdevelopers andresource providers

Especially if federated access is provided, bestpractice guidelines should be followed to improveuser satisfaction

Resource providers

Consider adding a cost/benefit analysis in theroadmap, which also includes considerations aroundreusing/sharing applications (federated access)versus managing services at institutional level.

DCH-RP partners

http://www.dch-rp.eu/


COMMUNITY NEWS

THE PRESIDENTDECORATES ARNESOn 17 November 2014, the President of the Republic of Slovenia decorated ARNESwith the Order of merit for development and research in the field of introducingnew information and communications technologies in Slovenia.

colleagues through a dedicated opticalfibre connection. ARNES’s vision is touse its networks and computing cloudto provide researchers and educators insmall towns with access to the highesttechnology and equal opportunities forcollaboration on the advancedinternational projects available to theirpeers in Sweden, Switzerland orEngland. Let us not forget that 4% ofthe calculations required to prove theexistence of the Higgs boson wereperformed in the relatively smallSlovenia.

When the topic is the developmentof e-Slovenia, ARNES is an integralpart in these discussions.

A RNES was established 22years ago as a national“academic network” andtoday connects over 1000

organisations with more than 200,000users in the fields of research,education and culture to the GÉANTpan-European research and educationnetwork. With its network and services,its management of an ISP hub and

the .si domain as well as providingsecurity, it is one of the key elements inSlovenia’s e-infrastructure, and ensuresthe transfer of knowledge when newtechnologies are introduced.

ARNES’s general manager MarkoBonač, who has led ARNES since itsinception, points out that “22 years agowe were real pioneers in the field of ICTand we remain one of the keyorganisations to ensure theintroduction of new networktechnologies in Slovenia”.

In the 90s, simple dial-upconnections at schools provided aturning-point for communication withtheir counterparts all over the world -20 years on, the Academy of Music canstay in tune with its international

57

COMMUNITY NEWS

NEXT EGI CONFERENCE – BUILDING THEOPEN SCIENCECOMMONSThe EGI Conference 2015 will

be held in Lisbon, Portugalbetween 18-22 May, as a firstopportunity to push forward

the Open Science Commons, a newvision proposed by EGI whereresearchers from all disciplines haveeasy, integrated and open access to theadvanced digital services, scientificinstruments, data, knowledge andexpertise they need to collaborate andachieve excellence in science, researchand innovation.

The event is organised by EGI.euand IBERGRID, a partnership betweenthe Portuguese National DistributedComputing Infrastructure (INCD) andthe Spanish National Grid Initiative(NGI-ES). Jorge Gomes, INCD’sServices and Technology Director, says:“We are delighted to host the EGIConference 2015. The event will joinusers, developers and providers in thedistributed scientific computingdomain and we look forward towelcome them next Spring in Lisbon.”

The event will also be the first EGImeeting in the post-EGI-InSPIREproject era and will kick-off the workfor the coming years, focusing on newchallenges and new engagementopportunities through a successfullyevaluated follow-up project within theEuropean Commission Horizon 2020funding programme, called EGI-Engage.

Tiziana Ferrari, EGI-EngageProject Director and EGI.eu TechnicalDirector says: “In EGI-Engage, we willwork together to make the OpenScience Commons happen. Our maingoal is to expand the capabilities of aEuropean backbone of federated e-Infrastructure services for research.”

More information about the event is available on the EGIConference 2015 website:http://conf2015.egi.eu

http://conf2015.egi.eu


COMMUNITY NEWS

HEANET DELIVERS 100 MBPS FOR IRELAND'S780 POST-PRIMARY SCHOOLSEvery post-primary school in

Ireland now has high speedbroadband as a result of a€30 million, three year

programme rolled out on behalf of theIrish Government by HEAnet -Ireland’s NREN.

The broadband programme, whichrepresents one of the most ambitioustechnology roll-outs to the Irisheducation sector, was delivered withinbudget and a highly challenging threeyear schedule. It was completed incollaboration with the Department ofCommunications, Energy and NaturalResources and the Department ofEducation and Skills in Ireland.

“HEAnet is very pleased to havesuccessfully delivered this programmeon behalf of the Irish Government andIrish post-primary schools”, saidJohn Boland, HEAnet ChiefExecutive.

“We believe that the provision ofhigh-speed broadband to post-primaryschools will have very meaningfulbenefits for pupil learning outcomes inthe years ahead. It will support thedevelopment of ICT and STEM relatedlearning in Irish post-primary schoolswhich will ultimately deliver realbenefits for Irish society and its futureeconomic prosperity.”

The national reach of theprogramme has required building newinfrastructure in locations where therewas extremely limited high-speedbroadband availability, including schoolcommunities on four coastal islands.

The broadband service is of anextremely high quality and deliverssymmetrical bandwidth connectivitymeaning it provides equalupload/download speedssimultaneously; an importantconsideration in cloud computing andtwo-way communications such as videoconferencing.

The programme was achieved inco-operation with technology vendorsincluding: AirSpeed Telecom, Digiweb

(Viatel), eircom, enet, ImagineCommunications, UPC, Vodafone, andAgile Networks. HEAnet alsoacknowledge the support of the ESBwhose fibre underpins a significantportion of the national educationnetwork.

The programme is funded by theDepartment of Communications,Energy & Natural Resources and theDepartment of Education & Skills,supported by Ireland's EU StructuralFunds Programme and the EuropeanRegional Development Fund.

Picture04/12/14: JanO'Sullivan(Minister forEducation), Alex White(Minister forCommunications)and John Boland,(HEAnet ChiefExecutive)announcecompletion of100Mbps rolloutto all post-primary schoolsin Ireland.

59

COMMUNITY NEWS

V ideo needs a lot of capacity tobe carried on a network.Traditionally broadcasterssent large teams and vast

quantities of kit to event locations sothat the production can be handled on-site, with only a small number ofproduction feeds having to be sentelsewhere for further production andtransmission – but traipsing staff andequipment round is obviously asignificant and costly exercise.

If broadcasters used IP camerasand also had access to enough networkcapacity such that all camera feedscould be brought back to productioncentres from across the country, thenthis could help overcome thesechallenges.

This is exactly what BBC R&D andour partners – Cisco, Jisc, and VirginMedia Business – did for the 2014Commonwealth Games, courtesy of a100Gbps network spanning three citiesacross the UK.

Rather than most of the workflowbeing handled at the event location, thevideo production took place elsewherein Glasgow whilst the audio productionhappened in London, with the resultingproduction stream being received atanother London site to encode it forDigital Terrestrial Television (DTT) andIP streaming. Salford was also receivingthe streams for monitoring purposesand, if necessary, was able to becomethe backup production location.

To transport the video and audio,we used Source-Specific Multicast(SSM) so that feeds could be receivedanywhere on the network and thebandwidth operated efficiently. We alsoused multicast to allow all the feeds tobe available on-demand at any site.

Each video stream was compressed toaround 1Gbps to ensure that the videoremained high quality.

What we did was highly innovativeand understandably not without a fewteething issues, but with the support ofour partners we were able to fix someinitial problems with the network, andafter that the performance wasexceptional. It truly helped BBC R&D todemonstrate several excitingtechnologies in a high profile live eventwatched around the world.

Networkshop43 takes place at theUniversity of Exeter from 31 March – 2April. The event offers a place fornetwork managers and technical staffin UK education and research to engagewith peers and service suppliers, as wellas hearing expert talks. Other speakersinclude Chris Lintott, professor ofastrophysics and citizen science lead atthe University of Oxford. Visit theevent site for more information.

GOING FOR GOLD ATNETWORKSHOP43Attendees to this year’s Networkshop43 – the annual technical event for education and research hosted by Jisc – will be able to hear how the 2014 Commonwealth Gameswas broadcast in ultra-high definition, using the Janet network. Martin Nicholson, Project Technologist, BBC Research and Development, discusses:

https://networkshop.ja.net


COMMUNITY NEWS

EDUROAM IN THE UKREACHESNEW MILESTONE

WordsEd Wincott, whomanages theeduroam servicein the UK for Jisc

Seamless, robust connectivity isa must for effectivecollaborations acrossinstitutions and even

countries, but this should never be atthe expense of security – as evidencedby the growing popularity of eduroam,the single sign-on network service foreducation and research, amongst UKhigher and further educationinstitutions.

In October 2014 eduroam reacheda landmark when more than 600,000unique devices owned by usersroaming between participatingorganisations were successfullyauthenticated over the UK nationalinfrastructure at least once during themonth. The 608,131 figure reached wasa huge increase even on the monthbefore, when 487,437 were counted. Infact, over the past few years the numberof devices counted roaming betweeneduroam’s member organisations inthe UK has been growing exponentially,almost doubling year-on-year.

If we take an annual view, thenumber of roaming users is even moreimpressive. From December 2013 toNovember 2014 a count of 2,263,576devices (each authenticating onmultiple occasions) was recorded.

This growth can be partlyattributed to the increasing number ofeduroam member organisations. At thetime of writing there were more than225 operational services – a numberthat includes 95% of UK universities,but also 20% of further educationcolleges, and many other leadingbodies that support UK education andresearch. But it’s also reflective of howpeople are choosing to access services,often using their own devices orworking on the go.

The increasing popularity ofeduroam can be quite easilyunderstood. For the user, it ensuresthat they can gain authenticated loginand internet access using a single Wi-Fiprofile wherever the eduroam servicehas been made available by aparticipating organisation. This cansave them time and head off some ofthe frustrations that can arise in gettingnetwork access away from the homenetwork. Member organisations makeefficiency savings too, not least becausethis type of service significantly reducesthe admin workload in managing guestnetwork access accounts for visitors.

Often, though, the downside ofstrategies to foster wider connectivitycan be compromised security.

Certainly, the explosive growth innumbers of users bringing their owndevices has brought with it heightenedconcerns about cyber security. Weknow that education and researchorganisations have very clearrequirements when it comes to thesecurity and reliability of connectivityservices.

Security is a central component ofeduroam. Users are never prompted toenter their credentials onto web pagesthat are vulnerable to being hijackedand used for ‘man-in-the-middle’exploits. Instead, 802.1X standardstechnology, which represents bestcurrent Wi-Fi deployment practice,results in encryption of user credentialsand enables secure authenticationtunnels to be established right back toRADIUS systems at users’ homeorganisations.

61

COMMUNITY NEWS

GET HELP FROMTHE EDUROAMCOMMUNITYOften, organisations find it relativelystraightforward to implement eduroambecause in many cases their existinginfrastructure is already 802.1X-readyand can be reconfigured easily toprovide the service. A good example ofthis is Leeds Trinity University, whichhas adopted eduroam to improve enduser experience for its 3,000 studentsand 400 staff.

Partial wireless coverage and‘hotspots’ of availability were some ofthe restrictions of the previous service,compounded by having to use differentnetworks for different devices. Overallthere was no consistent experience forthe end user.

Matthew Collins, Leeds TrinityUniversity’s IT infrastructure specialist– networking and security, says thatremoving those frustrations was animportant driver. In addition it wasfound that eduroam dovetailed neatlyinto the university’s ongoingdevelopment plans for its infrastructureand security services: “We already usedMicrosoft’s NPS RADIUS solution, andwe could easily configure it to eduroamas it was an extension of what we werealready doing.

“We did research, had animplementation plan and ran usertesting. We tested every device wepossibly could, and invested a lot oftime in creating events aroundeduroam, in a way users wouldunderstand.”

Matthew says that what reallyhelped was learning from others: “I

would advise anyone making the moveto find another institution that uses asimilar technology platform, and use itas a resource. We found a localuniversity which had a similarinfrastructure to us, and got help fromthem when setting it up.”

A key measure of success has beenpositive feedback from end users abouthow easy it now is to connect theirdevices to the network, both on campusand on the move. Those benefits havebeen evident from day one. But lookinga short distance into the future,eduroam will also provide a platformfor the delivery of other services.Matthew says it is already being used toadd value for students in the form ofenabling easier access to Apple TV, andwill support unified communicationsand video conferencing at minimal costwhen the campus is extended.


COMMUNITY NEWS

THE CITY OF CACERES HOSTEDTHE 25TH REDIRIS TECHNICAL CONFERENCE T he 25th RedIRIS Technical

Conference took place from24th to 27th of November in the

Caceres San Francisco CulturalComplex.

The event was supported by theUniversity of Extremadura and the CityCouncil of Caceres and welcomed morethan 400 people from Spanishuniversities, autonomous regionnetworks and research centres.

The opening ceremony was hostedby the Deputy Rector of the DigitalUniversity of the University ofExtremadura, Carmen GarcíaGonzález, accompanied by the DeputyDirector General of Science andInfrastructure Planning of the Ministryof Economy and Competitiveness(MINECO), José Doncel; the Directorof RedIRIS, Tomás de Miguel; theSecretary General of Science andTechnology of the Government ofExtremadura, María Guardiola; and theDeputy Mayor and Councillor forInnovation of the City Council ofCaceres, Jorge Carrasco García.

THEMES:• Models of Institutionally Shared

Services• The University and Global Sciences,

a glimpse of the future• Cloud Storage• Campus Networks and Mobility

Services• Big Data and Open Government

Two plenary sessions were led by theDirector of Communications andSecurity of the Spanish NationalResearch Council (CSIC), VíctorCastelo, and the surgeon specialising inminimal invasive surgery, Jesús Usón.There was also a round table organisedby the Conference of Rectors of SpanishUniversities (CRUE) entitled, “RedIRISand the Universities" and a NetworkedMusic Performance with musiciansplaying in Triestre and Caceres.

This edition of the RedIRISTechnical conference is partnered byfifteen companies, including sponsorsAlcatel-Lucent and Teltek. They willtake part in the event by giving lecturesand demonstrating their products.

The Technical Conference sessionswere preceded by Working Groupsfocussed on the technical staff of theinstitutions affiliated to RedIRIS.

WATCH THEVIDEO SESSIONS: The Working Groups:http://tv.rediris.es/es/gt2014/index.html

The Technical Conference:http://tv.rediris.es/es/jt2014/index.html

More information:http://www.rediris.es/jt/jt2014/

http://www.rediris.es/jt/jt2014/

http://www.rediris.es/jt/jt2014/

http://tv.rediris.es/es/jt2014/index.html

http://tv.rediris.es/es/jt2014/index.html

http://tv.rediris.es/es/gt2014/index.html

http://tv.rediris.es/es/gt2014/index.html

63

COMMUNITY NEWS

THE REFIMEVE+ PROJECT

The REFIMEVE+ project (inFrench, Metrological FiberNetwork with EuropeanVocation +), is based on a

scientific innovation, the ability totransfer an ultra-stable opticalfrequency on Internet over long-distances without any trafficdisruption.

Currently the transfer frequencyfaces the difficulty of transportinginformation without degradation whenclocks are separated by hundreds oreven thousands of kilometers. This canbe made if one of the clocks is

transportable, but this solution ismostly not flexible and hard toorganize. Otherwise, they are madethrough one or more satellites of theGPS (Global Positioning System) ortelecommunication satellites.

The French teams of LPL andSYRTE showed that the clock signaltransmitted on RENATER’s networkbetween Villetaneuse and Reims(roundtrip: 540km) had an exceptionaluncertainty of 2x10-19 which isequivalent of 0.1s in the relation to theage of the universe! This requirescreating a noise correction system

inserted in the link while the signal ispropagating over the optical fiber.

This system will give us thepossibility to compare the groundclocks all across the continent andwhose relative accuracy reaches some10-16 and 10-17 soon.

This project is to generalize thisconcept through close collaborationwith RENATER, to distributethroughout France an ultra-stablefrequency generated at theObservatoire de Paris. REFIMEVE+will be funded until 2020, under thelabel “Future Investments” andinvolves many laboratories: besides theLPL, the SYRTE, RENATER andindustrial partners who design, buildand oversee the network, 17 otherlaboratories including the CNES inToulouse will receive the metrologicalsignal.

REFIMEVE + is a first step to builda network at European level with a firstextension considered to Germany withthe support of the DFN (GermanAcademic Network). Many othercountries are already interested in thispossibility. Effective management ofequipment at European level could beachieved by including the GÉANTAssociation and the GÉANT networkthat interconnect networks such asRENATER and DFN.

For more information, pleasecontact Emilie Camisard [email protected] and Nicolas Quintin [email protected]

http://www.refimeve.fr/

http://www.refimeve.fr/


PicturesProf AnwarOsseyran (right),Wilco Hazeleger(left) Credit:Martijn van Dam.

COMMUNITY NEWS

Big Data is changing bothscience and society. AnwarOsseyran and WilcoHazeleger, directors of

SURFsara and the NetherlandseScience Center respectively, havejoined forces to help reap its harvest.

“Big data doesn’t provide answersby itself”, says Osseyran. “People posethe questions first, when they discernpatterns in the data.” Hazeleger adds:“eScience is not fundamentallydifferent from traditional science, butnow we can provide access tocomputing and storage power – likethat at SURFsara – that used to beprohibitivily expensive.”

An example is NLeSC’s BiomarkerBoosting project: multiple academic

medical centers are pooling theircollections of brain scans to find signsthat predict the onset of Alzheimer’s orParkinson’s disease. To make thispossible, tools are developed toharmonize their data, plus a networkplatform for secure sharing of patientdata for analysis with SURFsara’s cloudtechnology. “Projects like this pose lotsof technological challenges”, saysHazeleger. “But their tools can beadapted to other disciplines, and alsofor government and industry.”

NLeSC is staffed with the people todo just that: eScience researchengineers who are deployed to assistresearchers in their projects, and whoshare the resulting insights with theircolleagues so the seeds of innovationcan be spread around.

But is it enough? Osseyran sighs:“Well... Big Data is indeed gigantic. AndR&D spending in the Netherlands isnow below the EU average.” Thereforecooperation is vital. In addition toSURFsara and the NLeSC, severaluniversities have set up data researchcenters. “We have a national role“, saysHazeleger, “but they often havespecialized knowledge in fields such ashealth or life-sciences. We could shareresources through a federatedinfrastructure and also rotate staff…That would be a great step forward increating a biosystem to nurtureeScience in this country.”

NEW CHALLENGESFOR DUTCH SCIENCEAND SOCIETY

65

COMMUNITY NEWS

“WHAT ARE THE ODDS FOR ACADEMIC CLOUDS”

PATRIK SCHNELLMANN:GIVEN THE BIG GLOBALCLOUD PROVIDERS, WHATARE THE ODDS FOR ASWISS ACADEMIC CLOUD?Edouard Bugnion: There is a bigopportunity to address researchproblems with such a cloud, located inSwitzerland and operated locally.Optimized for academic use, it wouldbe a powerful tool for data scientists.They would use it to analyze largedatasets and meet all legal obligationsregarding data protection. This isparticularly important in sensitiveapplications such as personalizedmedicine that processes genome data.

HOW WOULD SUCH ANINFRASTRUCTURE BEBUILT?Virtualization is essential. Computing,storage and networking need to bevirtualized consequently, movingessential functions from the hardwareto the software resulting in a “softwaredefined data center”. The use ofwhitebox components provides cost-effectiveness, efficiency, and scalabilitywithin each data center location.

CAN A SWISS CLOUD FORTHE ACADEMICCOMMUNITY COMPETEWITH THE BIG PLAYERS?Yes, definitely, because the academiccommunity is not trying to competewith commercial solutions. Instead, thegoal is to serve the specific data scienceneeds of the academic community. Onespecific differentiated goal is to make

Edouard Bugnion is a Professor of Computer Science at EPFL. He states: “There will be blood”, looking at thecurrent dramatic changes in the IT supplier industry. Companies like HP, IBM etc. are losing market share inthe server business. In contrast direct sales from Original Design Manufacturers – the whitebox market – arerising by 25% year-on-year. The buyers are cloud operators like Microsoft and Amazon who build new datacenters at a tremendous pace. With these big players what are the odds for a Swiss academic Cloud?

Patrik Schnellmann from SWITCH (left) spoke to Edouard Bugnion (right).

available interesting and relevant datasets to be shared within the communitywhile ensuring the appropriate dataprotection.

DO THE NATURE OF SWISSDATA PROTECTION LAWSINFLUENCE THE CHOICEBETWEEN THE USAGE OFPUBLIC CLOUDS VERSUSCOMMUNITY CLOUDS?The Swiss data protection laws arequite comparable to those in the EU,but they are just different. Thereforethe Swiss are not a special case buildingtheir own academic cloud. Similarprojects are being done in Ireland byHEANET (while having Amazon, MSdata centres in the same country), theDutch are also going this way as well. Itis more of a case of finding the bestsolution to the needs rather thanenforcing one solution.


Ann Harding currently heads up Trust and Identity work in the GÉANTproject and is a member of the AAI team at SWITCH, the Swiss NREN(National Research and Education Network). She joined in 2007, afterworking for seven years at Irish NREN HEAnet, first as a networkengineer and then as Network Operations Manager.

In November last year, Ann attended the Lusaka UbuntuNetConference as a speaker on GÉANT’s Trust and Identity services. She was inspired by the fresh spirit of the African community – andreturned to Switzerland motivated to encourage more people toexperience events, like this, in developing countries.

CONNECT caught up with Ann to find out why the trip was sorewarding and how it offers opportunities for cross-pollination of ideas and forging valuable, mutually-beneficial partnerships.

QQ&&AA WWIITTHH AANNNN HHAARRDDIINNGG

Q&A

TTEELLLL UUSS AABBOOUUTT TTHHEECCOONNFFEERREENNCCEE??I went to Lusaka to the 7th AnnualUbuntuNet-Connect conference onInfrastructure, Innovation and Inclusionon 13 and 14th November 2014.

The UbuntuNet network is the resultof the AfricaConnect project, which isestablishing points of presence in majorAfrican cities and interconnecting themwith broadband cross-border links.Thanks to this high speed datacommunication network, Africanresearchers, educators and students arenow connected, creating opportunitiesfor innovation and inclusion.

My role was to present on GÉANT’sTrust and Identity services - in particulareduroam and eduGAIN - and the

67

Q&A

WWHHAATT WWAASS TTHHEEEEXXPPEERRIIEENNCCEE LLIIKKEE??It was great. Participants in theconference were interested, engagedand practical. There was a really goodatmosphere aimed at sharing knowledgeand then going back home to get thingsdone. Everyone seems to understandthat results will take work and are willingto do it.

I already received several follow-upcontacts, for example looking to seehow the Federation as a Service modelcould be adapted to work locally in WestAfrica. I really liked how people werefocussed on solving real problems andgetting things done collaboratively.

On the other side, I also got someinteresting and valuable contacts forevolving eduroam as a service to coverincreasingly hard to deploy locations, sothe benefit was definitely in bothdirections.

WWOOUULLDD YYOOUU GGOO AAGGAAIINN??I’d love to, travel budget permitting! I think important seeds have been sownfor a globally interoperable trust andidentity infrastructure and it is importantfor GÉANT to continue collaboration withother world regions.

national and regional developmentconsiderations needed to deploy andtake part. I also took part in a paneldiscussion on what NRENs can do tosupport researchers.

WWHHAATT WWAASS YYOOUURROOBBJJEECCTTIIVVEE??While connectivity is important, it’s onlypart of the toolkit needed for a moderncampus, NREN or student. TheUbuntuNet Alliance have had anexcellent track record in deploying theregional network and connecting globally.

Increasingly, these NRENs arelooking to develop and offer otherservices e.g. the local host for theconference, ZAMREN recently deployededuroam, with the help of colleaguesfrom the Netherlands NREN, Surfnet.

At the same time, their researchersare increasingly demanding facilities sothat their research can compete at aglobal level. Trust and Identity servicesare the next big infrastructurerequirement after the network, but it canbe hard initially to see the potential. I wasable to share some of the successfulstories from GÉANT members to showthe value of these services.

WWHHAATT WWOOUULLDD YYOOUURREECCOOMMMMEENNDD TTHHEE EEUUCCOOMMMMUUNNIITTYY DDOOEESS TTOOHHEELLPP TTHHEE UUAACCOOMMMMUUNNIITTYY??It’s not just GÉANT activity or taskleaders who have something to offer orcan develop some new outlooks.

I really like the type of partnershipapproach such as for the deployment ofeduroam in Zambia. With expertsworking closely together, it eases thedeployment challenges at new sites andalso provides interesting challenges forthe existing services that help usdevelop.

It is also a very sustainable way ofworking and allows the community toreally own their services. A lot can bedone remotely, supported by attendanceat group events such as UbuntuNetConnect or the WACREN conference.

It doesn’t require a very long termcommitment from the EU partner andoffers staff a professional challenge anda perspective on the pioneering spiritrepresentative of the early days ofNRENs and that still continues to driveinnovation.

OOPPEENN CCAALLLLSSPPRROOJJEECCTT PPRROOFFIILLEESSThroughout the last three issues of CONNECT we’ve been profiling the 21 OpenCall projects under the GÉANT innovation programme. We’ve seen an incrediblearray of innovative ideas and exceptional people who are helping to shape thenetworks of the future. Last but not least, here are the final three…

OPEN CALL

The world class GÉANT network is increasingly used tosupport applications requiring very low latency and highbandwidth, such as LoLa and even 4K TV streaming. Trials inthese areas have been successfully conducted in severalcountries.

In some cases, however, it is more difficult to satisfy thehigh performance requirements of these applications, forinstance where the current GÉANT topology does not allow theshortest possible path. In such cases a special network pathmust be set up – an operation that is costly and not alwaysfeasible.The idea at the core of the eMusic project is to use Bandwidthon Demand services, as a cheaper and more widely availableoption to overcome these limitations.

BBOODD FFOORR LLOOWW LLAATTEENNCCYY,,HHIIGGHH BBAANNDDWWIIDDTTHH AAPPPPLLIICCAATTIIOONNSS

EEMMUUSSIICC

eMusic brings together three European academies – theAcademy of Performing Arts in Prague, Conservatorio diMusica Giuseppe Tartini in Trieste, and the Edinburgh NapierUniversity – and their respective NRENs: CESNET, GARR andJANET.

The team has run experiments with networked musicalperformances between the three schools, comparing a besteffort network path to one set up with the BoD service. As ithappens, the standard GÉANT connection has so far held upquite well, but there are more tests to come.

UUllttiimmaatteellyy,, tthhee ooppttiioonn ooff uussiinngg BBooDD ffoorr tthheesseeaapppplliiccaattiioonnss bbrriinnggss uuss aa sstteepp cclloosseerr ttoo wwiiddeesspprreeaadd rreemmootteeccoollllaabboorraattiioonn bbeettwweeeenn tteeaacchheerrss,, ssttuuddeennttss aanndd aarrttiissttss iinnmmuussiicc,, ddaannccee oorr ppeerrffoorrmmiinngg aarrttss iinn ggeenneerraall aaccrroossss EEuurrooppee..


OPEN CALL

The Network Service Interface (NSI) by OGF is emerging as thestandard inter-domain interface for Bandwidth on Demand.The NSI Connection Service version 2.0 has already beenreleased by OGF NSI-WG, bringing new features andsignificant updates to the previous version of the protocol. Thishas given rise to numerous development efforts; however, thechallenge in developing production-ready BoDimplementations of NSI is all but trivial. A referenceimplementation is not available and thorough testing is neededfor current efforts to be sure that when a service is delivered inproduction, it will work as expected.

HHEELLPPIINNGG BBOODD DDEEVVEELLOOPPEERRSS BBRRIINNGGNNSSII TTOO PPRROODDUUCCTTIIOONN

NNSSII--CCOONNTTEESSTT

The NSI-CONTEST project is providing a framework forvalidating these efforts. It is working on the development of aNSI CSv2.0 reference implementation and a Conformance TestSuite. The project is a joint effort by PSNC and the Italianresearch center Nextworks.

“Software development is not an easy process,” saysBartosz Belter, project coordinator, “we are here to support NSIdevelopers with testing of their BoD systems, and compliancewith the standard. If you set up testing in advance, then youcan have early feedback from the platform. This way I think youcan reduce effort and potentially cost for testing externalimplementations.”

One core issue in the area of authentication is how toguarantee high levels of assurance (LoA) while containing costs– in particular, user registration costs.

In person registration is more secure but very expensiveand not user friendly. Remote registration is relatively cheap butmore vulnerable to threats and technically complex, generallyrelying on the availability of trusted sources to cross-referenceand validate the identity assertions provided.

The WoT4LoA project, a joint effort between SURFnet andthe dutch organization InnoValor, is working on a solutionbased on the concept of web of trust (WoT).

EENNHHAANNCCIINNGG AAUUTTHHEENNTTIICCAATTIIOONN WWIITTHH WWEEBB OOFF TTRRUUSSTT

WWOOTT44LLOOAA

The web of trust concept is used to establish theauthenticity of the binding between an authentication solutionand its owner via third party user attests. It can be considereda kind of “crowdsourcing of trust”.

“The idea is to let other people attest claims of a user’sidentity, so we can improve the quality of that identity and raisethe level of authentication,” says Bob Hulsebosch, coordinatorof the project. “So for instance, I could use my mobile phoneas a second factor authentication solution, and then otherusers could confirm that this mobile phone really is mine, so Idon’t have to go to the registration desk to prove that this is myidentity and this is my mobile phone.”

69


GLOBAL NEWS

WWHHAATT DDOOEESS TTHHEE FFUUTTUURREE HHOOLLDD FFOORRTTHHEE EEUUMMEEDDCCOONNNNEECCTT33PPRROOJJEECCTT??

TTHHEE EEFFFFEECCTTSS OOFF TTHHEE AARRAABB SSPPRRIINNGGThe current phase,EUMEDCONNECT3, has beenseverely challenged by the events ofthe Arab Spring. The effects of thewidespread political instability variedfrom country to country but, throughoutthe region, the NRENs have facedchallenges as relationships with theirgovernments, and particularly withfunding ministries, have had to be re-booted. Sadly the specific situation ofSyria currently rules out anyparticipation in normal civil society

Between 2004 and 2011 thefirst two phases of the EU-funded EUMEDCONNECTproject provided a dedicated

Internet network for the research andeducation (R&E) communities acrossthe southern rim of the Mediterranean.This was the first regional R&E projectoutside Europe funded by the EU andpaved the way for similar projects inother world regions.

EUMEDCONNECT successfullyconnected the national research andeducation networks (NRENs) ofAlgeria, Egypt, Jordan, Morocco,

Palestine, Syria and Tunisia with eachother and the European R&Ecommunity connected to GÉANT. The collaboration has been especiallystrong with EUMEDCONNECT’sEuropean partner countries alsobordering the Mediterranean: Cyprus,France, Greece, Italy and Spain. It hasalso provided a gateway for theseSouthern and Eastern Mediterraneancountries’ researchers and students tocollaborate globally in many fieldsincluding tele-medicine, e-learning, bigscience, and environmental researchand monitoring programmes.

WordsDavid West,EUMEDCONNECT3Project Manager

PictureEUMEDCONNECT3partners at projectmeeting in Muscat,December 2014

By Tom Fryer and Helga Spitaler

GGLLOOBBAALL NNEEWWSS

71

GLOBAL NEWS

actions in the foreseeable future. It alsofor a while put on hold Lebanon’splans for developing an NREN andbecoming a EUMEDCONNECTpartner.

As a result, currently only Algeria isconnected to EUMEDCONNECT3 withEC co-funding. While Egypt hasmanaged to re-connect to Europe at itsown cost, the NRENs of the other ENPISouth countries currently have nointernational connectivity at all for R&Enetworking. Consequently, their usercommunities are deprived ofopportunities for collaboratinginternationally and the digital dividebetween the two shores of theMediterranean has been increasingagain.

RREENNEEWWEEDDSSUUPPPPOORRTT AANNDDIINNTTEERREESSTTHowever, not all is doom and gloom,there are encouraging signs. With theexception of Syria, there is renewedinterest amongst the beneficiarycountries for R&E networking as newministries are coming to understandthe value for their scientific and highereducation programmes and that highcapacity connectivity is essential forparticipation in global research andeducation programmes.

These developments have beenfurther accelerated and encouraged ata recent meeting of ICT ministers in theMediterranean region and the EUsupporting the development of thedigital economy. This has concludedwith explicit support forEUMEDCONNECT as a facilitator ofinternational R&E collaborations andthe need for further EU resource to beinjected to enhance its furtherdevelopment (see excerpts of summitdeclaration in the box). Options forincreased EU support for the southern

and eastern Mediterranean are nowbeing actively pursued, and for themto take effect from April 2015 to followon directly from the current stage ofEUMEDCONNECT. It is foreseen thatdetailed plans will be formed duringthe first quarter of 2015.

Last but not least,EUMEDCONNECT continues to counton the active support of ASREN. TheArab States Research and EducationNetwork which was incubated by theEUMEDCONNECT2 project is aproject partner in the current phasewith the remit to provide long termsustainability and develop a pan-Arabregional network. Of theEUMEDCONNECT3 beneficiarycountries Egypt, Jordan, Morocco andPalestine are now ASRENshareholders and the others areinterested in joining. ASREN hasrecently started to establish its own e-Infrastructure supported byEUMEDCONNECT3. It has set up itsfirst hub in London forEUMEDCONNECT and other Arabpartner circuits, has just announcedthe first connection from Jordan to thisLondon PoP, and is planning furtherhubs within the region. ASRENremains a strategic partner forEUMEDCONNECT across the Arabregion and will play an important role inthe plans being prepared for furtherR&E development for the southern andeastern Mediterranean.

CCOOMMMMIITTMMEENNTTTTOOWWAARRDDSS TTHHEEMMEEDDIITTEERRRRAANNEEAANNPPAARRTTNNEERRSSIn conclusion, after a challengingperiod for the region I see renewedinterest in R&E networking to supporthigher education and scientificprogrammes, renewed support fromEurope for its Mediterranean

neighbours, and a major opportunityfor EUMEDCONNECT to facilitateregional R&E networking. ThroughEUMEDCONNECT my organisationhas a long history of supporting theregion. As DANTE we are proud ofhaving brought EUMEDCONNECT intobeing; now merged with TERENA andre-named GÉANT Association we arecommitted to playing our part,alongside ASREN, for the next stage ofthis journey to support a pan-Arabregional research and educationcommunity, and foster cohesion in theregion at a time of considerableinstability.

EEXXCCEERRPPTTSS OOFF TTHHEEMMIINNIISSTTEERRIIAALLDDEECCLLAARRAATTIIOONNOONN TTHHEE DDIIGGIITTAALLEECCOONNOOMMYYThe Ministers expressed theirexplicit support to the ongoingwork streams and projectsrelated to the Digital Economy ofthe Mediterranean such as:

The connections betweenMediterranean countries, inparticular through the jointlyfunded projectEUMEDCONNECT, and the ArabStates Research and EducationNetwork (ASREN). The Ministersagreed that the connection of theresearch and education networksto the European network GÉANTis highly beneficial and thatincreased funding for thispurpose is necessary in order to develop ultra-high speedconnectivity between the EU and the Mediterranean.


GLOBAL NEWS

FFRROOMM PPLLAANNSS TTOO DDEEPPLLOOYYMMEENNTTSS:: FFOOCCUUSS OONN PPAANN--AARRAABB RR&&EE NNEETTWWOORRKK CCOONNSSTTRRUUCCTTIIOONNAATT EE--AAGGEE 22001144

link from Jordan becomingoperational. Further peering contractsare currently being negotiated withseveral Arab partners.

David West, EUMEDCONNECT3project manager at GÉANT,commented: “e-AGE 2014demonstrated growing commitment forR&E across the Arab region, andconcrete actions now being taken. Myorganisation will provide operationalassistance for ASREN’s London PoPand is also intending to help realise thepotential of the exchange point inFujairah. This also reflects the interestof many European universities in R&Econnectivity from Europe to UAE insupport of their remote campuses.”

The 4th “International Platformon Integrating Arab e-Infrastructure in a GlobalEnvironment” – e-AGE 2014 –

took place 10-11 December 2014 inMuscat under the patronage of HHSayyid Taimur Bin As’ad Al Said,Assistant Secretary General forCommunication, The ResearchCouncil, Oman. Running alongside the6th annual meeting of the ArabOrganization for Quality Assurance inEducation (AROQA) the conferenceattracted over 200 high-profileparticipants from over 40 countriesspanning all world regions.

Ministers and senior EC officialsemphasised the importance of e-infrastructure for the development of

research and education across theArab region, as well as cooperationwith Europe and the importance ofsupporting the work of ASREN (theArab States Research and EducationNetwork). Building onEUMEDCONNECT, ASREN sets out toprovide Arab scientists, students andacademics with a gateway toparticipation in world-class researchand education.

At e-AGE 2013 in Tunis theprevious year, ASREN had announcedambitious plans to construct a regionalR&E network and secure long-termsustainability of e-Infrastructures in theregion, including becoming a R&Enetwork provider in its own right. Ayear on, ASREN used e-AGE 2014 totake stock of progress to developregional high-speed connectivity andopen exchange points, such as theArabian Global Education OpenExchange (AGE-OX) in Fujairah andthe ASREN PoP in London which hasrecently seen ASREN’s first 155 Mbps

PictureASRENChairman Dr Talal Abu-Ghazaleh opense-AGE 2014

For more information, includingthe Muscat Declaration and a fullset of presentations, please visithttp://asrenorg.net/eage2014/

http://asrenorg.net/eage2014/

73

GLOBAL NEWS

around the globe. Beyond sharingupdates on our respective networksand organisations, the meetingsprovided an opportunity to focus onuser groups with specific supportneeds, develop common practices tosupport users’ connectivity and otherrequirements, and explore other areasof mutual interest for futurecollaboration.

Following the success of thesevisits, further global partner visits for2015 are planned, starting with theSouth African NREN, where the SKAwill feature highly in the discussion.

Visits to partner R&E networksaround the world are addinga new dimension to GÉANT’sglobal outreach and its

commitment to supporting theincreasing needs of European globalresearch collaborations. Representedacross almost every continent, theseglobal partners include Internet2,ESnet, CANARIE; RedCLARA, CKLN,the UbuntuNet Alliance, TEIN*CC,WACREN, ASREN and CAREN.

Dialogue between the GÉANTcommunity and global partners,supported by GÉANT’s Global Liaisonfunction, focuses on topics such asconnectivity provision, user support

mechanisms, service collaborationand other areas of common interest(e.g. future internet research).

Day-to-day liaison work isconducted virtually and made easyusing high-resolutionvideoconferencing. Globalconferences such as TNC also provideexcellent forums for discussions andmeetings. Now, face-to-face meetingsare playing an increasingly importantrole in GÉANT’s global strategy.

In 2014 global partner visits weremade to RNP (Brazil), Internet2 (USA)and CANARIE (Canada),complementing the usual attendanceof R&E networking conferences

GGLLOOBBAALL PPAARRTTNNEERR VVIISSIITTSS SSTTRREENNGGTTHHEENNGGÉÉAANNTT IINNTTEERRNNAATTIIOONNAALLRREELLAATTIIOONNSSHHIIPPSS


GLOBAL NEWS

GGÉÉAANNTT AATT SSCC1144

and Data Transport consortium. Keithintroduced via live link to astronomersfrom the CSIRO's Astronomy andSpace Science division in Sydney,Australia. They remotely drove thetelescopes at the Murchison Radio-astronomy Observatory (MRO) inWestern Australia to the delight ofpassing delegates.

The viewers were then shown theincoming data in real time as itappeared. Questions from the floorranged from people wanting to know tohow many telescopes will eventually

The GÉANT project secured anexhibition booth in theresearch area of the SC14conference for high

performance computing, networking,storage and analysis delegates. Heldin New Orleans, USA the conferenceattracts over 10,000 attendees.

With the GÉANT project providinghigh-speed connectivity and servicesto the Square Kilometre Array (SKA)via its 500Gbps pan-European networkand truly global reach, it seemed anopportune time to explain to an

enthusiastic New Orleans crowd thecurrent status and future plans tomanage the vast amount of data soonto be generated by SKA.

GÉANT Association is a member ofthe SADT consortium which designsthe data transport networks betweenthe elements of SKA. The consortium ishelping to design the high capacitynetwork that supports the large datagenerated.

The main demo was comperedfrom the SC14 exhibition floor by DrKeith Grainge who leads the Science

An overview, by the GÉANT events team

75

GLOBAL NEWS

be in position in the Australian desertto one seeking a definition of darkmatter. All were answered with goodhumour!

In the hours of darkness inAustralia we viewed live images of theMullard Radio Astronomy Observatoryin Cambridge, England. Keith was ableto control the roboticized telescope viaemail, creating an interesting talkingpoint to those also drawn to the boothby the presence of a decommissionedradio receiver we had on loan fromJodrell Bank. Several other GÉANT services werefeatured at the booth including NSIbased multi-domain connectionprovisioning, to showcase connectionscrossing three OpenFlow domains:EHU-OEF test domain located inSpain, PSNC test domain located inPoland and one geographicallydistributed domain created in theGÉANT testbed.

A demo featuring GÉANT OpenCall project Community Connection(CoCo); one of 21 pioneering projectsexploring new and innovative uses forcollaborating over networks.

A prototype of the CoCo servicewas demonstrated. Jerry Sobieski,Activity Leader of the GÉANT TestbedServices project talked about how thisservice simplifies and streamlines theresearch process, to allow scientists tofocus on their research objectivesrather than the infrastructure.

Also on show was the GÉANTOpen Cloud eXchange which providesa framework and facilities for higherQoS cloud services delivery from the

Cloud Service Providers (CSPs) to theNREN’s customers (universities,research institutes and otherorganisations) and to end-users.

The annual event attracts anunprecedented array of scientists,engineers, researchers, educators,students, programmers, systemadministrators, and developers manyof which stopped by the booth andcollect their CONNECT magazine andlearn a little bit more about GÉANT.

ABOUT GÉANT

GE

AZAR

>=1Gbps and <10Gbps

10Gbps

20Gbps

30Gbps

>=100Gbps

www.geant.net The Pan-European Research and Education NetworkGÉANT interconnects Europe’s National Research and Education Networks (NRENs). Together we connect over 50 million users at 10,000 institutions across Europe.

GÉANT is co-funded by the European Union within its 7th R&D Framework Programme.

BY MDBelarus MoldovaAzerbaijan Georgia

Austria

Armenia

UA Ukraine

GÉANT connectivity as at January 2014. GÉANT is operated by DANTE on behalf of Europe’s NRENs.

20Gbps

0Gbps1

0Gbps>=1Gbps and <1

00Gbps>=1

30Gbps

20Gbps

GE

ARARARAR AZ

GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 2014. GÉANT is operated by DANTE on behalf of Europe’GÉANT connectivity as at January 2014. GÉANT is operated by DANTE on behalf of Europe’14. GÉANT is operated by DANTE on behalf of Europe’14. GÉANT is operated by DANTE on behalf of Europe’14. GÉANT is operated by DANTE on behalf of Europe’14. GÉANT is operated by DANTE on behalf of Europe’14. GÉANT is operated by DANTE on behalf of Europe’14. GÉANT is operated by DANTE on behalf of Europe’14. GÉANT is operated by DANTE on behalf of Europe’s NRENs.14. GÉANT is operated by DANTE on behalf of Europe’GÉANT connectivity as at January 20

Armenia

GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20

Armenia

GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20

Armenia

GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20

Armenia

GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 2014. GÉANT is operated by DANTE on behalf of Europe’GÉANT connectivity as at January 2014. GÉANT is operated by DANTE on behalf of Europe’14. GÉANT is operated by DANTE on behalf of Europe’14. GÉANT is operated by DANTE on behalf of Europe’14. GÉANT is operated by DANTE on behalf of Europe’14. GÉANT is operated by DANTE on behalf of Europe’14. GÉANT is operated by DANTE on behalf of Europe’14. GÉANT is operated by DANTE on behalf of Europe’14. GÉANT is operated by DANTE on behalf of Europe’14. GÉANT is operated by DANTE on behalf of Europe’s NRENs.14. GÉANT is operated by DANTE on behalf of Europe’

Azerbaijan

Austria

Azerbaijan

Austria

GeorgiaGeorgiaGeorgiaGeorgiaGeorgiaGeorgiaGeorgia MDMDMDMDBY MoldovaMoldovaMoldovaMoldovaMoldovaMoldovaMoldovaMoldovaMoldova UAUAUA UkraineUkraineUkraineUkraineUkraineUkraineUkraineUkraineUAUAUAUAUAMoldova

EUROPE’S RESEARCH AND EDUCATION DATA NETWORK

GÉANT is the pan-European research and education network that interconnectsEurope’s National Research and Education Networks (NRENs). Together weconnect over 50 million users at 10,000 institutions, supporting research in areas such as energy, the environment, space, health and medicine.

AABBOOUUTT GGÉÉAANNTT:: AANN AATT--AA--GGLLAANNCCEE GGUUIIDDEE


ABOUT GÉANT

AT THE HEART OF GLOBAL RESEARCHNETWORKINGThe GÉANT network has extensive links to other world regions throughcollaboration with further networks, including those in North and LatinAmerica, the Balkans, the Mediterranean, Black Sea, South Africa, Central and Eastern Asia.

www.geant.net

www.twitter.com/GEANTnews

www.facebook.com/GEANTnetwork

www.youtube.com/GEANTtv

JOIN THE CONVERSATION

77

http://www.youtube.com/GEANTtv

https://www.facebook.com/GEANTnetwork

http://www.twitter.com/GEANTnews

http://www.geant.net

ABOUT GÉANT

ENHANCING YOUR EXPERIENCE OF THE NETWORKThe GÉANT project delivers innovative services to enhance users’ experienceof the network. We’re here to support you with a portfolio of advancedconnectivity, network support and access services, designed to meet theneeds of NRENs, institutions, researchers and students. Discover more here:hhttttpp::////wwwwww..ggeeaanntt..nneett//SSeerrvviicceess//PPaaggeess//hhoommee..aassppxx

SERVICES

NNeettwwoorrkkiinngg SSeerrvviicceess GÉANT IP Core IP connectivity between NRENs. Costeffective, reliable, open and independent.

GÉANT Plus Layer2 point-to-point connectivity. Assuredbandwidth, secure.

GÉANT Lambda Layer2 ultra-high capacity point-to-point connections for demanding applications

GÉANT Peering Layer3 IP interconnectivity with 3rd partyproviders.

GÉANT Open Flexible, open Layer2 interconnectivity between organisations

GÉANT L3 VPN Logical virtual IP networking – ideal for one-to-many or many-to-many connectivity.

GÉANT Bandwidth on Demand Flexible “on-demand” layer2 connections toprovide high performance networking

GÉANT OpenFlow Facility A flexible testbed facility to help develop newnetworking services.

UUsseerr AApppplliiccaattiioonn SSeerrvviicceess eduroam® National and International wi-fi roaming. Secure, simple and global.

eduCONF An easy to use directory of VC facilitiesacross Europe.

eduGAIN Federated AAI services offering assured, simple single sign-on.

TToooollss aanndd MMaannaaggeemmeenntt SSeerrvviicceess perfSONAR Multi-domain monitoring service. EnablingNREN NOCs and PERTs to collaborate inproviding seamless network performance for their users.

eduPERT Federated Performance Enhancement Response Teams - helping network users getthe best performance from their connections.

eduPKI Supporting service developers by helpingmanage digital certificates.


ABOUT GÉANT

SHAPING THE INTERNET OF THE FUTUREPart of GÉANT’s role is pushing the boundaries of networking technology toshape the internet of the future. The GÉANT Innovation Programme exists to develop an advanced portfolio of technologies, to develop into services, tools and network capabilities for tomorrow’s researchers.

Here are just a few ways the GÉANT Innovation Programme is driving discovery in networking technology.

THE GÉANT INNOVATIONPROGRAMME

RREESSEEAARRCCHHPPRROOGGRRAAMMMMEESSThe research elements of theGÉANT project focus on three coreareas:

• Network architectures for Horizon 2020

• Technology testing for advanced applications

• Identity and trust technologies

By being technology and supplierneutral, these research activitiescontribute greatly to thoughtleadership in networking servicesacross Europe.

OOPPEENN CCAALLLLThe Open Call projects bring in freshideas and support new uses of thenetwork. €3.3m is being investedinto 21 independent projects forresearch into advanced networkingtechnologies. In support of theHorizon 2020 aims, each project isaligned to one of the GÉANT JointResearch Activities. The four subject areas are:

• AApppplliiccaattiioonnss aanndd TToooollss – supporting advanced research activities and projects.

• AAuutthheennttiiccaattiioonn – helping support secure end-to-end authentication of systems and people.

• NNeettwwoorrkk AArrcchhiitteeccttuurree aanndd OOppttiiccaall PPrroojjeeccttss – studying future networking systems.

• SSDDNN - exploring Software Defined Networking potential to

meet new networking demands.

TTEESSTTBBEEDDSS“Testbeds as a Service” providestwo types of testbed capabilities tosupport the network researchcommunity. Dynamic PacketNetwork Testbed Service supportsupper layer network research, andthe Dark Fibre Testbed providesphotonic layer long haul facilitiesfor testing novel optical/photonictechnologies in the field.

SSTTAANNDDAARRDDSSThe use of standards andinformation from standards bodiesare essential to the development ofGÉANT services to ensureinteroperability with services of othernetworking organisations. Membersof the GÉANT project haveleadership roles in the OGF (OpenGrid Forum) and IETF (InternetEngineering Task Force) standardsorganisations and make significantcontributions to the formation ofstandards.

TTAASSKK FFOORRCCEESSTask forces (TFs) and special interestgroups enable experts from thewider GÉANT community to shareknowledge in such areas as securityand mobility. These provide input tothe definition of new R&D projectactivities and Open Calls, and offerfeedback on existing projectdevelopments. They provide an agileway for GÉANT to capture emergingideas and a fast and efficientmechanism to pilot them beforeassessment and formal inclusion in the project work-plan.

AASSPPIIRREEFFOORREESSIIGGHHTTSSTTUUDDYYASPIRE (A Study on the Prospectof the Internet for Research andEducation) providesrecommendations to policy anddecision makers on topics likely tohave a significant impact for thefuture of research and education(R&E) networking. For instance:

• The adoption of cloud services• The integration of mobile

services into NRENs service portfolios

• Middleware and managing dataand knowledge in a data-rich world

• The future role of NRENs

The final report can be downloadedfrom the TERENA website:wwwwww..tteerreennaa..oorrgg//ppuubblliiccaattiioonnss

79

wwwwww..ggeeaanntt..nneett

This document has been produced with the financial assistance of the European Union. The contents of this document are the sole responsibility of GÉANT and can under no circumstances be regarded as reflecting the position of the European Union. CONNECT/0215