THE MAGAZINE FROM THE GÉANT COMMUNITY | ISSUE 16 JULY 2014

NEW PHYSICS:GÉANT’S GLOBALLINKS SUPPORTJAPAN-BASEDBELLE IIEXPERIMENT

EXCELLENT HAT TRICK:GÉANT RECEIVESHIGHEST RATING FORTHIRD YEAR IN A ROW

ILLUSTRIS SIMULATION:GÉANT HELPS WITH 13.8BILLION YEARS OF DATA

BOOSTING INNOVATION:OPEN CALL PARTNERSPUSH THE BOUNDARIESIN SOFTWARE DEFINEDNETWORKING

CCOONNNNEECCTT

CCOONNNNEECCTT NNEEWWSSGGÉÉAANNTT && TTEERREENNAA CCoommmmuunniittyyAAwwaarrddss aannnnoouunncceedd

0044

QQ&&AA IIvvaannaa GGoolluubbiinntteerrvviieeww

2266

CCOONNTTEENNTTSSCCOONNNNEECCTT NNEEWWSSTThhee rreessuullttss ooff oouurrrreeaaddeerr ssuurrvveeyy

0022

TTEECCHHNNIICCAALLIINNSSIIGGHHTT 2288

CCOONNNNEECCTT NNEEWWSSEExxcceelllleenntt HHaatt TTrriicckk!!

0033

OOPPEENN CCAALLLLSSPPuusshhiinngg tthhee bboouunnddaarriieessiinn SSooffttwwaarree DDeeffiinneeddNNeettwwoorrkkiinngg

1133

CONNECT is the quarterly magazine from the GÉANTcommunity; highlighting key areas of interest, updates on the project and its vital work supporting European researchand education. We give insights into the users who dependon the network, and the community that makes GÉANT whatit is. We welcome feedback at connect@geant.net

Published by the GÉANT (GN3plus) project, under the NA2 Communications Activity Task 1 | Editors: PPaauull MMaauurriiccee ((TTaasskk LLeeaaddeerr)) aanndd TTaammssiinn HHeennddeerrssoonn ((MMaarrkkeettiinngg OOffffiicceerr))..

Hyperlinks: CONNECT is produced as a digital magazine also made available in print. To view the digital edition and benefit from hyperlinks to further information, please see: http://connect.geant.net

For digital or printed subscriptions/unsubscriptions email connect@geant.net

Cover image © KEK 2014

eedduurrooaamm®® iiss aa rreeggiisstteerreedd ttrraaddeemmaarrkk ooff TTEERREENNAA aanndd aallll ootthheerr bbrraanndd,, ccoommppaannyy aanndd pprroodduucctt nnaammeess aarree ttrraaddeemmaarrkkss ooff tthheeiirr rreessppeeccttiivvee oowwnneerrss..

01

AABBOOUUTTGGÉÉAANNTT AAnn aatt--aa--ggllaanncceegguuiiddee ttoo tthheeGGÉÉAANNTT pprroojjeecctt

4499

UUSSEERRSSIIlllluussttrriiss -- TThhee mmoossttccoommpplleettee ssiimmuullaattiioonn ooff oouurr uunniivveerrssee

0088 UUSSEERRSSBBEELLLLEE IIII –– NNeewwPPhhyyssiiccss tthhrroouugghhccoollllaabboorraattiioonn

1100

GGLLOOBBAALL NNEEWWSSNNeewwss aanndd uuppddaatteess ffrroommGGÉÉAANNTT’’ss gglloobbaall ppaarrttnneerrss

4466CCOOMMMMUUNNIITTYYNNEEWWSSRRoouunndd uupp ffrroomm oouurr ppaarrttnneerrss

3344

WHAT’S NEW?In this issue, we’re introducing a newsection which will look a little deeper‘under the hood’ (page 28) and weare continuing with our Open Callproject partner showcase, (page 13),to introduce the people and projectsthat are such an important part of theGÉANT Innovation Programme. Asthe GÉANT project works to drive theinternet of the future, these projectswill bring in fresh ideas and supportnew users of the network.

We hope you enjoy this issue andwe look forward to hearing from youvia connect@geant.net

value of GÉANT and its NRENpartners? High-speed globalconnectivity has never been moreessential to the advancement ofscience.

On page 8, you’ll learn aboutIllustris, the world’s mostcomprehensive, detailed and accuratesimulation of the universe. A mind-blowing achievement which will go onto support a whole host ofcosmological experimentation anddiscovery.

YOUR THOUGHTSWe thought it was about time to findout what you, our readers think aboutCONNECT. We asked you to behonest and tell us the good, the badand the ugly. We had a greatresponse, and thankfully, the majorityof responses were highly positive!Turn to page 2 to find out how we planto improve over coming issues.Thanks again to everybody who took part.

EEddiittoorrssPaul Maurice & TamsinHenderson

WWEELLCCOOMMEE FFRROOMM TTHHEE EEDDIITTOORRSS

We launch the summerissue of CONNECT withthe great news that theGÉANT project has for

the third year running been rated‘Excellent’. This coveted grade wasunanimously awarded by anindependent panel at this year’sEuropean Commission review inBrussels. Congratulations once againto everybody in the project! You canread the full story on page 3.

AMAZING STORIES OFCOLLABORATIONThe number of exciting collaborativeprojects we can report on seems to beconsistently growing as high-speednetworks increase in speed andcapacity to support data drivenscience. Our cover story is yet anotherfantastic example. More than 570physicists in 97 institutions fromacross 23 countries are workingtogether on the BELLE II experimentwhich is searching for ‘new physics’.What better way to demonstrate the

CONNECT NEWS

02 CONNECT ISSUE 16 JULY 2014

Thanks to all our loyal readers for all your great feedback. The survey is still open here:hhttttppss::////wwwwww..ssuurrvveeyymmoonnkkeeyy..ccoomm//ss//GG55VVFF99HH66

CCOONNNNEECCTTRREEAADDEERR SSUURRVVEEYYWWEE AASSKKEEDD YYOOUU FFOORR YYOOUURR TTHHOOUUGGHHTTSS OONNCCOONNNNEECCTT AANNDD YYOOUU GGAAVVEE TTHHEEMM TTOO UUSS!!

TTHHEE RREESSUULLTTSS AARREEPPOOSSIITTIIVVEE72% of respondents view CONNECTonline and 60% also read it in print. And from your comments it looks likewe’re doing a few things right!

““II vveerryy mmuucchh lliikkee tthhee hhoommee ssttoorriieessaanndd tthhee iinnssiigghhttss iinnttoo tthhee wwoorrkkiinnggss ooff tthhee GGÉÉAANNTT pprroojjeecctt..””

““II lliikkee tthhee IInntteerrvviieewwss wwiitthh GGEEAANNTTppeeooppllee aanndd ssttoorriieess aabboouuttppaarrttiicciippaattiioonn iinn eevveennttss,, pprroojjeeccttssuucccceessss ssttoorriieess,, eettcc..

““SSttoorriieess aabboouutt hhooww GGÉÉAANNTT cchhaannggeess tthhiinnggss..””

Many of you regularly read CONNECT to gain valuable insight into the project.Well over half of respondents agree thatthe magazine is a useful way tocommunicate the project of which 24%strongly agree. (The others couldn’tdecide, but nobody disagreed!).

““FFaavvoouurriittee aassppeeccttss iinncclluuddee:: tthheevvaarriieettyy ooff ttooppiiccss aanndd tthhee iinntteerrvviieewwsswwiitthh iinnddiivviidduuaallss iinn tthhee pprroojjeeccttppaarrttiiccuullaarrllyy sshhoowwiinngg tthheeiirr ppeerrssoonnaall ssiiddee..””

UUNNDDEERRSSTTAANNDDIINNGGTTHHEE GGÉÉAANNTTPPRROOJJEECCTTA whopping 88% of respondentsunderstand more about the GÉANTproject as a direct result of readingCONNECT.

““II lliikkee tthhee iinnssiigghhttss iinnttoo tthhee aarreeaass tthhaatt II aamm lleeaasstt iinnvvoollvveedd iinn,, iitt hheellppss ttoo ggeettaann oovveerrvviieeww ooff wwhheerree wwee aarree..””

You gave praise for offering a wideperspective on research and educationnetworking, for case studies that makethe story more relevant and for

IINNTTEERREESSTTSSWhile many commented on the goodcontent and wide range of topics, someof you asked for more technical depth,focus on best practice, and educationalstories to explain how services canassist in specific scenarios.

““HHooww aabboouutt ssoommee eedduuccaattiioonnaallmmaatteerriiaall,, ssoommeetthhiinngg lliikkee ""AAddvviisseerrss"" oorr ""tthhee ttiipp ooff tthhee ddaayy??””

We will be introducing more technicalcontent over the coming issues, with adedicated section to address theseareas. If you have an area you’d like toknow more about, please email the editors.

GGEETTTTIINNGG CCOONNNNEECCTTOOUUTT TTHHEERREEYou told us you’d like more options forreading CONNECT. Currently, you candownload it as a full PDF on theCONNECT home page(ccoonnnneecctt..ggeeaanntt..nneett) or view it in ISSUUto read booklet style.

Printed copies are available to anyonefree of charge, and they are delivered tosubscribers and NRENs every quarter.You can order copies on a regular basisor for specific events.

Many of our subscribers leave them inreception and communal areas or usethem to attract customers at exhibitions.

““CCOONNNNEECCTT aallwwaayyss fflliieess ooffff tthheesshheellvveess aatt iinndduussttrryy eexxhhiibbiittiioonnss!!””

If you’d like to be added to ourdistribution list to receive a digital copyor if you’d like printed copies, we canhelp! Please drop us an email us atccoonnnneecctt@@ggeeaanntt..nneett

highlighting the people, projects andresearch that you may never have heardof otherwise.

DDEESSIIGGNNWe’re happy to hear over 94% ofrespondents rate CONNECT as good orbetter. In fact 46% voted it ‘very good’and 20% ‘excellent’! Positive feedbackfor the overall layout and finish,reinforced with praise for quality, coverimagery and graphic design came outstrongly.

““MMuullttiiccoolloouurr,, mmuullttiiffaacceetteedd,,iinnffoorrmmaattiivvee,, ffrreesshh,, ccoonnvviinncciinngg!!””

A few people mentioned too many‘confusing colours’, so in the future we'restreamlining the colour coding and stickingto light backgrounds for easier reading.

Opinion was divided on the quality of thepages. Whilst some feel it is too glossy,others consider this to add weight to theGÉANT brand and help attract attention,particularly at industry events. Althoughwe cannot please everyone, we will bearit in mind and always do our best toensure there is substance behind the style.

YYOOUU WWAANNTT MMOORREEPPEEOOPPLLEEPeople love to read about people.Human interest gives a depth of insightwe can all relate to. Many of you told ushow much you enjoyed the people-based features, so it comes as nosurprise that this was high on the list ofthings you asked for more of. We’reintroducing more ‘day in the life’ articlesand Q&As. Could you be next? We’dlove to hear from you!

““AArrttiicclleess aabboouutt ppeeooppllee ggiivvee aa ffeeeelliinnggooff ‘‘kknnoowwiinngg’’ ((tthhee pprroojjeecctt)) aanndd tthhoosseebbeehhiinndd aallll tthhee ggoooodd wwoorrkk..””

““LLiikkee ttoo hhaavvee mmoorree uusseerr ssttoorriieess aannddddaayy ttoo ddaayy lliiffee ooff ppeeooppllee iinn tthhee pprroojjeecctt..””

PictureLinda Mesch,Project Manager,GÉANT

CONNECT NEWS

03

EEXXCCEELLLLEENNTTHHAATT TTRRIICCKK!!EECC AAWWAARRDDSS HHIIGGHHEESSTT RRAATTIINNGGTTOO GGÉÉAANNTT PPRROOJJEECCTT FFOORRTTHHIIRRDD YYEEAARR RRUUNNNNIINNGGThe GÉANT community celebrated inJune as the European Commissiondelivered its verdict for the first year ofGN3plus, which is the current iteration ofthe GÉANT project. This is the third yearrunning that the GÉANT project hasbeen awarded an ‘Excellent’ rating.

The independent panel took just halfan hour to conclude the result, followinga packed week of presentationsrepresenting all areas of the GÉANTproject. An ‘excellent’ rating is highlysought after, with only 10 per cent ofEC-funded projects reaching this grade. Niels Hersoug and Matthew Scott, JointProject Managers, GÉANT, said:

““AAnnyy pprroojjeecctt wwiitthh nneeww aaccttiivviittiieess,, nneewwssttrruuccttuurreess aanndd nneeww ppeerrssoonnnneell wwaassaallwwaayyss ggooiinngg ttoo bbee cchhaalllleennggiinngg,,eessppeecciiaallllyy oonn tthhee bbaacckk ooff ttwwoopprreevviioouuss ccoonnsseeccuuttiivvee ‘‘EExxcceelllleenntt’’rraattiinnggss.. SSoo wwee aarree ddeelliigghhtteedd ttoo hhaavveebbeeeenn rreeccooggnniisseedd ffoorr mmaaiinnttaaiinniinngg aavveerryy hhiigghh lleevveell ooff ppeerrffoorrmmaannccee.. IItt’’sscclleeaarr tthhaatt tthhee ccoommbbiinnaattiioonn aannddbbrreeaaddtthh ooff eexxppeerrttiissee bbeeiinngg ddeevveellooppeeddaaccrroossss tthhiiss ccoollllaabboorraattiioonn iiss vveerryyppoowweerrffuull aanndd ffuunnccttiioonniinngg mmoorreeeeffffeeccttiivveellyy aanndd ddeelliivveerriinngg bbeetttteerrrreessuullttss tthhaann eevveerr bbeeffoorree..””

According to the reviewers, Year 1 ofGN3plus was a well-managed projectthat demonstrated a good level ofcooperation, innovation and flexibility.They gave particular praise to suchareas as dissemination and outreach;Product Lifecycle Management; and thedevelopment, delivery and increasedpromotion of services.

Positive feedback was received forstandardisation throughout the project,with a shift towards a more product-focused approach and for the projectsoverall ability to extend innovationthrough Open Calls.

Matthew Scott said:

““WWhhaatteevveerr rroollee yyoouu ppllaayy iinn tthhiisspprroojjeecctt pplleeaassee nnoottee tthhaatt tthhiiss rreeaallllyy iiss aaccoolllleeccttiivvee aacchhiieevveemmeenntt aanndd oonnee tthhaattwwee hhooppee yyoouu aarree aallll ccoonnttrriibbuutteedd ttooaanndd oonnee tthhaatt wwee hhooppee yyoouu aarree aalllljjuussttiiffiiaabbllyy vveerryy pprroouudd ooff.. WWee hhaavvee aannaammbbiittiioouuss aanndd eexxcciittiinngg yyeeaarr aahheeaadd aasswwee pprreeppaarree tthhee wwaayy ffoorr GGNN44 [[tthheepprrooppoosseedd ssuucccceessssoorr ttoo GGNN33pplluuss]]..WWiitthh tthhee eenneerrggyy aanndd ddeeddiiccaattiioonneevviiddeenntt iinn tthhee aacchhiieevveemmeennttss ooff yyeeaarr 11,, wwee sshhoouulldd aanndd ccaann sseett oouurrssiigghhttss hhiigghh..””

A two page document, 'The GÉANTProject (GN3plus) Year 1 Highlights' isavailable to download here:wwwwww..ggeeaanntt..nneett//RReessoouurrcceess//MMeeddiiaa__LLiibbrraarryy

04 CONNECT ISSUE 16 JULY 2014

CONNECT NEWS

GGÉÉAANNTT AANNDD TTEERREENNAA HHOONNOOUURRRREESSEEAARRCCHH AANNDD EEDDUUCCAATTIIOONNNNEETTWWOORRKKEERRSS WWIITTHH 22001144CCOOMMMMUUNNIITTYY AAWWAARRDDSS

GÉANT and TERENApresent CommunityAwards to people whohave shared their ideas,expertise and time incollaboration with theresearch and educationnetworking community,recognising that suchcontributions are oftenprovided voluntarily andthrough the good will oftheir employer. Jan Meijer (UNINETT, NO) and StefanWinter (RESTENA, LU) received thisyear’s Community Awards followingopen nominations and selection by apanel of judges. Karel Vietsch (lateSecretary General of TERENA) was also,posthumously, awarded. Dorte Olesen(Technical University of Denmark), aformer TERENA president and now chairof the GÉANT NREN Policy Committee,presented the awards on behalf of thejudges during the closing plenarysession of the TERENA NetworkingConference (TNC2014) on Thursday 22 May.

Jan Meijer was lauded for sharing anidea that was discussed under his

FFUURRTTHHEERRIINNFFOORRMMAATTIIOONNDetails are available viahhttttpp::////wwwwww..tteerreennaa..oorrgg//aabboouutt//ppeeooppllee//aawwaarrddss//

In addition to Dorte Olesen, the 2014 judges were:

Pierre Bruyère (Belnet, BE),TERENA President;

John Boland (HEAnet, IE),CEO of the TNC2014 hostorganisation;

Erik Huizer (SURFnet, NL),Chair of the TNC2014 Programme Committee.

Karel demonstrated his commitment tothe community by leaving it a legacy inthe form of the 'Vietsch Foundation',which aims to stimulate the community’swork in future. The Community Awardjudges acknowledged Karel'sextraordinary dedication by honouringhim posthumously, after he passedaway on 23 February 2014. For furtherinformation about the VietschFoundation, please contact ValentinoCavalli: ccaavvaallllii@@tteerreennaa..oorrgg

WordsLaura Durnford,SeniorCommunicationsOfficer, TERENA

PictureFrom left to right,ValentinoCavalli, StefanWinter, DorteOlesen and JanMeijer

chairmanship in the TERENA task forceTF-Storage, and developed into theopen-source FileSender software underJan's leadership. This simple-to-use,federated, web-based application allowsusers to privately share large filesthrough a trusted intermediary.FileSender is now deployed by almost40 NRENs, institutions and otherorganisations around the world.www.filesender.org

Stefan Winter was honoured forhelping develop eduroam® – the secure,world-wide roaming access service forresearch and education. With roles inGÉANT and the TERENA task force TF-MNM, Stefan led standardisation work,strove for federated solutions, andproposed and developed tools such asF-Ticks for statistics collection and CAT,the universal eduroam configuration tool.Almost 600 institutions have signed upto CAT, with 500,000 end users runninga secure configuration that required noeffort from them.https://cat.eduroam.org/

In May 2013 Karel Vietsch receivedDutch royal recognition for hiscontributions to research and educationnetworking, when he was appointed anOfficer in the Order of Orange-Nassau.His work had influenced prominentInternet organisations and initiatives, and

EE--IINNFFRRAASSTTRRUUCCTTUURREE SSUUMMMMEERRWWOORRKKSSHHOOPPSS SSUUPPPPOORRTT EEAASSTTEERRNNPPAARRTTNNEERRSSHHIIPP DDEEVVEELLOOPPMMEENNTT

CSIRTs (Computer Security IncidentResponse Teams) in the GÉANTenvironment.

The following days included a half-day GÉANT Services Workshop oncampus best practices in wirelessnetworks. This was a ‘crash course’covering the most important aspects ofWi-Fi wireless network deployment andincluded live demonstrations and thesharing of practical experiences, with aparticular focus on the eduroam service.The final day-and-a-half was a federatedidentity technology workshop aimed atmanagers and IT leaders. The objectivewas to educate attendees on policyissues, business case and deploymentoptions related to the development andsupport of pan-European and globalidentity e-infrastructures.

“As the Technical University of Sofiahad just joined eduroam and the SofiaUniversity was in the process of enablingeduroam, it really was a good time toget together and discuss bestpractices", said Jari Miettinen ofCSC/Funet, who leads the Campus

Best Practices task. "The workshopsprovided a great opportunity forinternational multi-directional informationexchange and community building. Allthe partners, their expertise andcontributions are needed in theEuropean co-operation."

Brook Schofield, the TERENAProject Development Officer withresponsibilities in various project tasks,explained that "members of the EasternPartnership and their neighbouringcountries had not been involved inbuilding the body of knowledge aroundidentity federations, so these eventscompressed 10 years of experience toensure their roadmap accelerates theirparticipation in the global federationinfrastructure."

Follow-up workshops to providemore in-depth technical training in allthese areas are being organised. Thefirst will align with the joint RoEduNet-RENAM conference in Chisinau,Moldova, on 11-13 September. To stayup to date with developments, see:wwwwww..tteerreennaa..oorrgg//aaccttiivviittiieess//ddeevveellooppmmeenntt--ssuuppppoorrtt//wwoorrkksshhooppss//

With roles in the GÉANTproject’s tasks on DigitalInclusion, Campus BestPractices, and User

Access and Applications, TERENA co-operated with CEENet, BREN andCSC-Funet to organise a series ofworkshops for NRENs and institutionsfrom Eastern Partnership countries, withfunding from EC Platform 4. The mainobjective is to transfer tools andknowledge, so these countries can jointhe growing global community ofinterconnected NRENs. Almost 50people from ten Partnership and otherEastern European countries participatedin the first workshops, which were heldin Sofia, Bulgaria, from 16-20 June.

The first three days were aimed atstaff from NOCs (Network OperationCentres) and featured a GÉANTTechnical Workshop focused onnetwork security training. Participantslearned how to implement securitypolicies, how to select and operatesecurity tools needed in daily networkmanagement and how to operate

WordsLaura Durnford,SeniorCommunicationsOfficer, TERENA

PictureSofia, Bulgaria

05

CONNECT NEWS

06 CONNECT ISSUE 16 JULY 2014

CONNECT NEWS

NNEEWW EE--IINNFFRRAASSTTRRUUCCTTUURREE CCOOLLLLAABBOORRAATTIIOONN CCOOMMMMIITTTTEEEE TTOOEENNSSUURREE CCOOLLLLAABBOORRAATTIIVVEE OOPPPPOORRTTUUNNIITTIIEESS AARREE MMAAXXIIMMIISSEEDD

CCOOOORRDDIINNAATTIINNGG EE--IINNFFRRAASSTTRRUUCCTTUURREESSAACCRROOSSSS EEUURROOPPEE GÉANT’s role as a key enabling e-infrastructure involves extensivecollaboration with other Europeanpartners. Now, in a move to ensurecollaborative opportunities inHorizon2020 with other e-infrastructuresare coherently investigated andcoordinated with the planning of GN4(the proposed next-generation ofGÉANT project), the E-infrastructureCollaboration Committee (EICC) hasbeen formed, with members havingexperience not only in networking, butalso in computing, storage and cloudactivities.

Therefore the role of the EICC – whowill work closely with the GN4 WorkingGroup, the group working on the

WordsPaul Maurice,SeniorCommunicationsOfficer, DANTE

proposal for the next-generation ofGÉANT project – is to look further intowhere Horizon2020 calls invitecollaboration between different publiclyfunded e-infrastructures in Europe.Where concrete calls are found, theEICC should ensure coordinationbetween such project proposals and therelevant activities in the proposed next-generation GÉANT project, such thatoverlap is avoided and activities arecomplementing each other under thecommon umbrella of the GÉANTstrategy for the areas in question. It istherefore anticipated that the activitieswithin that project would be linked asclosely as possible with the collaborativeopportunities.

The appointed members of theEICC are as follows: • Jan Gruntorad (Chair, CESNET)• Valentino Cavalli (TERENA)• Marco Paganoni (GARR)• Simon Leinen (SWITCH)• Josva Kleist (NORDUnet)• Marko Bonac (ARNES)• Ivan Maric (Srce-CARnet)

Dorte Olesen, Chair of the NREN PCand GN4 Working Group, adds, “I amdelighted the EICC has been formedwith so many outstanding members ofour community volunteering to be partof this valuable work. I believe this areais crucial for the coming years. A specialthank you goes to the Chair, JanGruntorad, who has taken up thischallenging task.”

07

CONNECT NEWS

EEGGII AANNDD GGÉÉAANNTT SSYYMMPPOOSSIIUUMMOONN FFEEDDEERRAATTEEDD CCOOMMMMUUNNIITTYYCCLLOOUUDD SSEERRVVIICCEESS FFOORR EE--SSCCIIEENNCCEE

1. AAAAII: authentication and authorization requirements for cloud tools and services, cloud storage and other user facing services dealing with privacy as well as management of data access to sensitive data.

2. DDaattaa aannaallyyssiiss ppllaattffoorrmmss: user community requirements for platforms needed to execute workflows, requirements for underpinning IaaS services.

3. SSttoorraaggee aanndd ddaattaa ttrraannssffeerr: use cases and requirements for cloud storage services including federated storage, data replication and transfer.

4. RReessoouurrccee ppllaacceemmeenntt: use cases and requirements for policy-based resource placement in order to submit workloads to clouds hosting specific datasets, adhering to security policies and regulations andsupporting specific SLAs.

5. UUsseerr--ffaacciinngg sseerrvviicceess: services that cloud providers and more broadly e-infrastructures should provide to their users, such as user-friendly

tools to manage the allocated resources, to access aggregated information about resources availability, resource usage or platforms available for deployment.

6. NNeettwwoorrkk sseerrvviicceess: use cases and requirements for software-defined networks, bandwidth on demand, virtual private networks and other advanced network services.

The deadline for submission of abstractsis 19 August 2014 and successfulapplicants will be notified by 29thAugust.

Registration for the symposium isfree but spaces are limited so earlyregistration is recommended.

In September, as part of EGI'sConference on Challenges andSolutions for Big Data Processing,EGI and GÉANT are jointly organizing

a two-day Symposium on federatedcloud services to support the EuropeanResearch Area.

The Symposium takes place from25 to 26 September 2014 at theAmsterdam Science Park in theNetherlands and is focused at:

• User communities with cloud service requirements

• Community and commercial cloud providers and integrators

• Cloud technologists.

GÉANT and EGI are inviting cloudproviders, integrators of communityclouds offerings, cloud specialists, cloudusers and other stakeholders from theresearch and education community toparticipate by submitting proposals forpresentations and workshops in thefollowing tracks:

WordsKarl Meyer,ProductMarketing andCommunicationsOfficer

For more details on thesymposium, registration andsubmission of proposals visit.hhttttppss::////iinnddiiccoo..eeggii..eeuu//iinnddiiccoo//ccoonnffeerreenncceeDDiissppllaayy..ppyy??oovvww==TTrruuee&&ccoonnffIIdd==22116600

IILLLLUUSSTTRRIISS,, TTHHEE MMOOSSTTCCOOMMPPLLEETTEE SSIIMMUULLAATTIIOONNOOFF HHOOWW OOUURR UUNNIIVVEERRSSEEEEVVOOLLVVEEDD

In May this year, scientistscollaborating in the US, Germany, andthe UK announced they had createdthe most complete simulation of how

the universe evolved.The Illustris project is a time-lapse

simulation, which traces the history ofthe universe, as we know it, startingsoon after the Big Bang right through tothe present day. It captures 13.8 billionyears of evolution and is the mostextensive and comprehensive physicalmodel of the universe we have yet seen.

Cosmologists have been creatingcomputer models of the universe forover two decades. Only now has a truesimulation like this been possible due tothe immense computing power andmassive bandwidth required to handlethe vast amounts of data.

To put this spectacular achievementinto perspective, it would take a singlestate-of-the-art desktop computer morethan 2,000 years to run the simulation.

Today, supercomputers and the high-capacity GÉANT network made thispossible in just three months.

Bringing together ten researchersfrom three different countries, Illustrisdemonstrates how powerful, high-speedbandwidth is removing the boundariesof today’s internet and acceleratingglobal scientific discovery.

CONNECT spoke to ProfessorVolker Springel from the HeidelbergInstitute for Theoretical Studies, to findout a little more about the project.

IINN AA NNUUTTSSHHEELLLL WWHHAATT IISS IILLLLUUSSTTRRIISS??The Illustris project is a massivecosmological simulation, which shows acubic chunk of the universe inunprecedented fidelity. It measures 350million light-years on each side andcontains more than 40,000 well-resolved galaxies.

HHOOWW DDOOEESS IITT DDIIFFFFEERRFFRROOMM PPRREEVVIIOOUUSSSSIIMMUULLAATTIIOONNSS?? Unlike previous simulations, where theresult is a rough approximation of whatastronomers see, Illustris comes up witha universe much like the real one. Manyof the simulated galaxies match thegalaxies in the real universe, whichconfirms the standard theory ofcosmology.

It also demonstrates how the firstgalaxies formed around clumps of themysterious substance, ‘dark matter’,backing the theory that dark matter isthe scaffold on which the visible universeis hanging.

WWoorrddss aannddIInntteerrvviieewwTamsinHenderson,GÉANT

IImmaaggeessIllustris Simulation

USERS

08 CONNECT ISSUE 16 JULY 2014

As you can imagine, as well asconnecting ten different researcherssituated in different continents, a projectof this scope also requires access tovast computing resources. We usedseveral months of computing time atmultiple computing centres. Forinstance, we used 20 million core hourson the PRACE HPC resources in Franceand Germany, including the CURIEsupercomputer at CEA/France and theSuperMUC at the Leibniz ComputingCentre, Germany.

WWHHYY AARREE HHIIGGHH--SSPPEEEEDDNNEETTWWOORRKKSS SSOOIIMMPPOORRTTAANNTT??With so much data and so manyresearchers needing to collaborateseamlessly, reliable and high-capacitybandwidth was critical. GÉANT and itsNREN (National Research andEducation Network) partners, in thiscase Janet in the UK, RENATER inFrance and DFN in Germany, providedthe fast, reliable and convenient500Gbps bandwidth that helped usrealise the most ambitious project of this kind seen thus far.

WWHHAATT’’SS TTHHEE PPUURRPPOOSSEEOOFF TTHHEE PPRROOJJEECCTT??Galaxy formation is one of the mostimportant unsolved problems incosmology today. Illustris help us tobetter understand how stars andgalaxies form.

It provides important insights intothe rate at which certain types ofgalaxies develop and helps cosmologistslearn more about the ‘dark energy’ thatwe believe is powering the continuedacceleration of the universe.

HHOOWW CCAANN TTHHIISSIINNFFOORRMMAATTIIOONN BBEE UUSSEEDD?? According to co-author Shy Genel ofHarvard University: “Telescopes, such asHubble show us what far-off galaxieslooked like millions or billions of yearsago, because those galaxies are millionsor billions of light-years away. A mainbenefit of Illustris is that it letsresearchers see what those galaxiesmight have looked like at various pointsin time. Like a time machine, we can go

forward and backward in time. We canpause the simulation and zoom into asingle galaxy or galaxy cluster to seewhat’s really going on.”

These findings could be used tofine-tune experiments performed withspace-based telescopes. The projectwill provide a test bed for emergingtheories of what the universe is made of,helping organisations such as TheEuropean Space Agency, and itsplanned spacecraft EUCLID, which isdue to launch in 2020 to measure theacceleration of the universe.

HHOOWW OONN EEAARRTTHH DDIIDD YYOOUUAACCHHIIEEVVEE TTHHIISS?? We began by entering details of whatthe Universe was like shortly after theBig Bang, then developed a computerprogram encapsulating the maintheories of cosmology. After this, we letthe program run. Of course in order todo this we needed to assemble atalented team in cosmology andastrophysics from around the world.

WWHHOO IISS IINNVVOOLLVVEEDD??EEuurrooppee::• Heidelberg Institute for

Theoretical Studies, Germany• Zentrum für Astronomie der

Universität Heidelberg, Germany

• Kavli Institute for Cosmology, Cambridge, UK

• Institute of Astronomy, Cambridge, UK

UU..SS::• Massachusetts Institute of

Technology• Harvard University• The Space Telescope

Science Institute• The Institute for Advanced

Study

USERS

09

Special thanks to Audrey Gerber,IUCC-Inter-University ComputationCenter, for her help in researchingthis article.

Find out more and explore thesimulation for yourself here:wwwwww..iilllluussttrriiss--pprroojjeecctt..oorrgg

USERS

10 CONNECT ISSUE 16 JULY 2014

BBEELLLLEE IIII EEXXPPEERRIIMMEENNTT BBEENNEEFFIITTSS FFRROOMMGGÉÉAANNTT’’SS GGLLOOBBAALLLLIINNKKSS

TThhee aarreeaa ooff ppaarrttiiccllee pphhyyssiiccss hhaass bbeeeenn wweellll sseerrvveedd bbyy GGÉÉAANNTT aanndd ootthheerr iinntteerrnnaattiioonnaall rreesseeaarrcchh aanndd eedduuccaattiioonn nneettwwoorrkkss ffoorr mmaannyy yyeeaarrss.. TThhee LLaarrggee HHaaddrroonn CCoolllliiddeerr aatt CCEERRNN iiss ssuurreellyy tthhee bbeesstt kknnoowwnn iinn tthhiiss aarreeaaooff pphhyyssiiccss,, aanndd hhaass ddoonnee mmuucchh ttoo rraaiissee tthhee pprrooffiillee ooff eelleeccttrroonnss,, pprroottoonnssaanndd nneeuuttrroonnss.. BBuutt wwhhaatt aabboouutt tthhee ccoommpplleemmeennttaarryy BBEELLLLEE IIII eexxppeerriimmeenntt,,ppaarrtt ooff aa rraappiiddllyy ggrroowwiinngg ccoommmmuunniittyy iinn JJaappaann tthhaatt iiss pprroommppttiinngg mmaannyy ttoosseeee tthhiiss ppaarrtt ooff tthhee wwoorrlldd aass aa ffuuttuurree cceennttrree ooff eexxppeerriimmeennttaall pphhyyssiiccss..

CCOONNNNEECCTT ssppookkee ttoo VViinncceennzzoo CCaappoonnee,, GGÉÉAANNTT aanndd TTaakkaannoorrii HHaarraa ooffKKEEKK,, ttoo uunnddeerrssttaanndd mmoorree aabboouutt tthhiiss eexxppeerriimmeenntt aanndd iittss ppootteennttiiaall iimmppaacctt oonn GGÉÉAANNTT’’ss gglloobbaall ccoonnnneeccttiivviittyy..

Copyright KEK 2014. Images are the property of KEK and mustnot be reproduced without express permission from KEK

USERS

11

matter, today only matter remains. Thiscould be explained by the CP violation,which is an extremely small violation ofthe symmetry between matter and anti-matter in nature; with a perfectsymmetry, for every particle createdduring the Big Bang the relative anti-particle should have been created too,and while a particle and an anti-particleends annihilating each other with theproduction of pure energy, without theCP violation our universe wouldn’t existas we know it.

The research pursued by BELLEand BELLE II is devoted to detecting thebroken symmetry theory predicted threedecades earlier by the 2008 Nobel Prizewinners Kobayashi and Maskawa.

WWHHEERREE IISS IITT BBAASSEEDD,,AANNDD WWHHOO AARREE TTHHEEPPAARRTTNNEERRSS??The experiment facility is located in anarea near Tsukuba (40 min. from Tokyo),at the KEK Institute, that also hosts thecomputing equipment needed to storethe raw data produced by the detectors.The BELLE II Collaboration isconstituted of more than 570 physicistsfrom 97 institutions across 23 countries.Amongst the participating countries,Germany, Italy and Slovenia play a keyrole in the computing infrastructure ofthe experiment.

WWHHYY DDOOEESS BBEELLLLEE IIIINNEEEEDD HHIIGGHH SSPPEEEEDDCCOONNNNEECCTTIIVVIITTYY?? One of the most important figures ofmerit for a particle collider is itsluminosity, which stands for the numberof particle collisions that occur everytime the beams collide. It is in turnrelated to the number of events that willbe collected and available for the

physics analysis. A higher luminositymeans that the researchers will have ahigher number of “good” events onwhich to base their observation, andalso that far more experiment data willbe collected. High statistics samplesallow for precise results, and in thissense BELLE II will collect anunprecedented amount of data for ane+e- collider. The peak luminosity ofSuperKEKB is expected to reach8x1036 cm-2s-1, and the expecteddata production of the detector is ratedat approximately 25 Petabytes per year(over 25 million Gigabytes). Theexperiment will have a distributedcomputing system that will make use ofgrid computing facilities, so thebandwidth between the computing sitesneeds to be sufficient to accommodatethis huge amount of data movement.

WWHHEERREE WWIILLLL TTHHEE DDAATTAAGGOO TTOO,, AANNDD WWIILLLL IITTIINNVVOOLLVVEE OOTTHHEERRIINNTTEERRNNAATTIIOONNAALLNNEETTWWOORRKKSS?? A “mirror” site for the main computingfacility in Japan is located at PacificNorthwest National Laboratory (PNNL)in Richland (State of Washington, USA),that will host the same raw data and willreprocess them, transforming them intothe so-called mDST (physics-analysis-oriented compact dataset made fromraw data). These data will then betransferred to a number of sites inGermany (40% - DESY, GridKa), Italy(40% - CNAF, ReCaS and other INFNsites in Italy) and Slovenia (20% -SiGNET), that collectively constitute theTier-1 computing facility for thereprocessing of data. The subsequentanalysis of the reprocessed data will beperformed on a currently unknownnumber of worldwide-spread sites.

WWHHAATT IISS BBEELLLLEE IIII,, AANNDDWWHHAATT DDOOEESS IITT HHOOPPEE TTOOAACCHHIIEEVVEE?? The BELLE II experiment deals with theproject of an asymmetric-energyelectron-positron (e+e-) collider, namedSuperKEKB, and focused on the so-called “flavour physics” which searchesfor New Physics by precisemeasurements of the interactionsinvolving the various quark families(“flavours”). It is the continuation of theformer BELLE experiment (and in asimilar track to other experiments likeBaBar) that had the same objectives butused a previous collider facility (KEKB).

The ultimate goal is to understandthe reasons of the actual form of theuniverse, based on the assumption thatwhile at the time of the Big Bang therewere equal amounts of matter and anti-

WordsPaul MauriceinterviewedVincenzoCapone ofGÉANT's pan-Europeanuser liaisonteam; andTakanori Hara of KEK.

PicturesIllustration (left)and image (farleft) show theBELLE IIdetector.All images arethe property ofKEK and mustnot bereproducedwithout expresspermission from KEK.

Copyright Rey.Hori

12 CONNECT ISSUE 16 JULY 2014

USERS

WWHHAATT CCHHAALLLLEENNGGEESS AARREETTHHEERREE IINN PPRROOVVIIDDIINNGGTTHHIISS CCOONNNNEECCTTIIVVIITTYY?? The GÉANT connectivity needed for theBELLE II experiment is basically in twomain directions, to North America and toJapan. Currently the available bandwidthto North America is more than sufficientto accommodate the experiment’s datatraffic, however the connectivity toJapan is in a less-than-ideal state, dueto the distance and the relative costs. Atthe moment, the 10G connection withSINET4, the Japanese NREN thatconnects KEK, goes via North America,to benefit from GÉANT’s direct peeringin New York, but the very long distanceon that route leads to relatively highlatency, which has the effect of reducingthe maximum achievable bandwidth towell below 10G. Promisingly however,there are high expectations of greatlyimproving, over the next 1-2 years, thequality and bandwidth of eastwardconnections from GÉANT to Japan, thatwill not only provide tangible benefits tothe BELLE II experiment, but also to abig number of other scientificcollaborations between Europe and Japan.

HHOOWW IISS GGÉÉAANNTT WWEELLLLPPOOSSIITTIIOONNEEDD TTOO OOFFFFEERRTTHHIISS?? GÉANT peers directly with ESNet(Energy Sciences Network, thatconnects PNNL) and SINET4 (ScienceInformation NETwork, that connectsKEK) thereby offering the ideal positionto provide sufficient and reliable

connectivity to both the North Americanand Japanese sites for the BELLE IIEuropean partners, who are of courseconnected to GÉANT via their nationalNRENs. GÉANT’s high speed links withthe world’s other major internationalresearch and education networks willalso benefit the BELLE II worldwide usercommunity, enabling them to access theanalysis data stored at the Europeandistributed Tier 1 sites.

WWHHAATT DDOOEESS GGÉÉAANNTTPPRROOVVIIDDEE TTOO BBEELLLLEE IIII?? GÉANT’s support to the experiment hasbeen provided in two areas:

• A perfSONAR-based solution has been tested to provide network monitoring, with five sites currently running a perfSONAR measurement point and work ongoing to establish aMeasurement Archive and User Interface at PNNL, aimed at building a BELLE II dedicated network weather-map based on perfSONAR.

• Coordination and support for a BELLE II Data Challenge using the ANA-100G trans-Atlantic link: the combined efforts of GÉANT, ESNet, GARR (Italian NREN) and DFN (German NREN) have resulted in an international testbed infrastructure being set up to measure the achievable data rates, simulating the movement of a day’s worth of raw data production (approximately 25 Terabytes) from PNNL to three European sites: Italy’s INFN-Napoli and INFN-CNAF, and Germany’s Karlsruhe Institute of Technology

(KIT). The activity has been spread across two timeframes, 12-15 May and 10-20 June, and has helped the BELLE II computing team to identify network throughput, as well as address any last-mile configuration issues.

WWHHAATT IISS TTHHEE TTIIMMEELLIINNEEFFOORR BBEELLLLEE IIII?? WWHHEENNWWIILLLL EEXXPPEERRIIMMEENNTTSSSSTTAARRTT?? The schedule sees the commissioningof the collider starting in 2015; the datataking starting in 2017 and peakluminosity (maximum data-taking rate)expected in 2021.

““GGÉÉAANNTT iiss pprroouudd ttoo bbeewwoorrkkiinngg cclloosseellyy wwiitthhaannootthheerr ttrruullyy gglloobbaallccoollllaabboorraattiivvee pprroojjeecctt tthhaatt iiss llooookkiinngg aatt tthhee bbiiggqquueessttiioonnss bbeehhiinndd tthheeccrreeaattiioonn ooff tthhee uunniivveerrssee..WWee aannttiicciippaattee aa ssttrroonngg aannddpprroodduuccttiivvee rreellaattiioonnsshhiipp tthhaattwwiillll nnoott oonnllyy ddrriivvee ffoorrwwaarrddsscciieennttiiffiicc ddiissccoovveerryy,, bbuutt wwiillllaallssoo hheellpp ttoo pprroommootteessttrroonnggeerr ccoonnnneeccttiivviittyy aannddlliinnkkss wwiitthh JJaappaann,, ffoorr tthheebbeenneeffiitt ooff aallll rreesseeaarrcchh aannddeedduuccaattiioonn uusseerrss..””

Vincenzo Capone.

Copyright KEK 2014. Images are the property of KEK and must not be reproducedwithout express permission from KEK

Copyright KEK 2014. Images are the property of KEK and must notbe reproduced without express permission from KEK

GGÉÉAANNTT AANNDD TTHHEE SSDDNN RREEVVOOLLUUTTIIOONN

O n the institutional front, there is firm recognition ofthe key enabling quality of Software DefinedNetworks. In the US, the National ScienceFoundation has instituted a specific line of funding

for these activities with its CC*IIE (Campus Cyberinfrastructure– Infrastructure, Innovation and Engineering) program.

In the EU, the European Commission has established as apriority in its ‘Future Networks’ funding objective “Internetarchitectures enabling innovation in network virtualisation,specifically through programmability of network functions andprotocols.”

GÉANT has a fundamental role in the evolution of thistechnology; its OpenFlow facility, deployed over the world-class production infrastructure, is increasingly popular withEurope’s innovators, including the teams from the Open Callprojects. Six of these projects focus specifically on SDNresearch, while others use it to develop new-gen applicationsand other innovative services.

GÉANT’s own research teams in this area are working onlaying the grounds for new capabilities and services, as well asnew service models for GÉANT and the NRENs. The areascovered include green networking, multi-domain SDN, SDN-driven security, SDN capabilities to support the Cloud, andvarious related activities to support the integration of thenetwork with compute and storage resources. In addition, theGÉANT research teams work closely with the Open Callprojects.

We present here three Open Call projects that work ondiverse developmental aspects of SDN, from implementing thetechnology at a carrier grade in IP backbones to optimisingdata flows dynamically, to creating a user friendly service forresearchers to directly harness the power of SDN-enabledvirtual networks; plus one project in the Applications area thatuses SDN to provide specialised caching of Video-on-Demandservices to improve quality while reducing costs.

Software Defined Networks are one of the hottest research topics over the past three years. The benefits SDN can bring to internet networking - speed, agility, flexibility, improved security,lowered costs - and the potential it has to radically alter the networking landscape make this acornerstone of networking innovation. Indeed, SDN is one of the three pillars in the virtualisationrevolution (compute, storage, and network virtualisation); without SDN, it is not possible to fully exploit the enormous potential of cloud technology.

“You really want to have networks that aredesigned for friction-free science.”

Eric Boyd, Internet2

“One of the key drivers was to basicallyshatter that black box ecosystem and createan environment with smaller, more modularcomponents that people could mix and match;by decoupling the control plane from thedata plane you can have intense competitionamongst the switch vendors, andcompetition among the controller vendors, orpartnerships; basically, by breaking up theseback boxes into smaller subcomponents, it allows a faster innovation cycle.”

Eric Boyd, Internet2

“All together that could mean a world that isfully connected. Seamless networks,merging fixed and mobile. Virtual networksdefined by software. Connected devices thattalk directly to each other. Constantconnectivity for every European, everyoneable to stay informed and empoweredinstantly, anytime, anywhere. Downloadingand uploading from their locker in the cloud.”

Neelie Kroes, Future Internet Assembly, Athens, 18 March 2014

WWoorrddssDiana Cresti,GARR

13

OPEN CALL

The increasing interconnectedness of research communitieson a global scale is pushing the demand for custom virtualnetworks. Researchers want to be able to share resources,such as Virtual Machines, storage, microscopes and otherfacilities, by setting up private and secure virtual networks tofit their specific needs.

Currently, only technical experts have the requiredknowledge to manually set up these virtual networks. ButSDN and NaaS (Network-as-a-Service) service models canfacilitate eScience communities in the creation andmanagement of virtual networks.

The CoCo project is building a proof-of-concept for aservice that brings the power of SDN to the fingertips ofresearchers, allowing them to create their own virtualnetwork without having to rely on experts. The CoCo service- short for ‘Community Connect’ – is based on the

OONN DDEEMMAANNDD CCOOMMMMUUNNIITTYYCCOONNNNEECCTTIIOONN SSEERRVVIICCEEFFOORR EESSCCIIEENNCCEE CCOOLLLLAABBOORRAATTIIOONN

CCOOCCOO

OpenFlow programmable network infrastructure, and will beaccessible through a simple and easy to use web interface; itwill allow users to create on-demand virtual private multi-domain, multipoint data/network instances, interconnectinglaptops, virtual machines, storage, instruments and othereScience resources.

The project is a joint effort between SURFnet, the DutchNREN, and the Dutch research organisation TNO. The teamheld a workshop in January of this year to establish somecore use cases from the direct input of the researchcommunity, yielding two high level use cases: DNAsequencing as a Service and Shared Electron Microscope.These will provide the template for ongoing collaborationwith the user communities to ensure the efficacy andusability of the service.

The rapidly growing popularity of Video on Demand (VoD)services is a major challenge for network capacity. Often, thishuge amount of content is delivered across the samechannels multiple times, resulting in unnecessary stress onthe network. To mitigate this, an intelligent network shouldbe able to ‘know’ when identical content is being deliveredrepeatedly, and react by implementing an appropriate serviceto reduce identical transmissions, such as caching. EnterOpenCache, the service being developed by CEOVDS.

The CEOVDS project is managed by the School ofComputing and Communications at Lancaster University andhas gained the attention of mainstream media such asComputer Business Review.

VVIIDDEEOO OONN ((IINNCCRREEAASSIINNGGLLYYHHIIGGHH)) DDEEMMAANNDD

CCEEOOVVDDSS

OpenCache uses OpenFlow to optimise important VoDdelivery metrics, such as buffering time, throughput, andvideo quality, to reduce the impact of repeated delivery ofidentical content over the network, thus reducing the cost ofdelivery to the network operator.

The university had already developed a prototypearchitecture, the precursor of OpenCache, to provideOpenFlow-enabled VoD caching at a single physical site.With the CEOVDS project, the team has access to theGÉANT OpenFlow facility, where the service is beingextended to run across multiple sites.

This innovation is expected to significantly reduce VoDservice costs for network operators.

14 CONNECT ISSUE 16 JULY 2014

OPEN CALL

A fundamental benefit that SDN (Software DefinedNetworking) has over classic IP connectivity is the potentialto greatly improve network efficiency by regulating traffic flowin response to the status of the network at any given time.This is the area addressed by the DyNPaC project, which isworking on an OpenFlow solution that uses dynamic pathcomputation algorithms to shape traffic in a QoS-awaremanner and based on real time information about thenetwork.

DyNPaC is run by the I2T Research Group from theUniversity of the Basque Country, a team that has extensiveexperience in OpenFlow technologies as well astelecommunications service management and working withthe Spanish and Basque NRENs.

DDYYNNAAMMIICC PPAATTHH CCOOMMPPUUTTAATTIIOONN TTOO IIMMPPRROOVVEE QQUUAALLIITTYY OOFF SSEERRVVIICCEE ((QQOOSS))

DDYYNNPPAACC

“We want to take advantage of the characteristics ofOpenFlow” says Eduardo Jacob, project coordinator “in thesense of being able to define the flows by disaggregating theoriginal flow in several smaller flows, reacting to the state ofthe network; this means that we are able to monitor thenetwork and as a response to the actual state disaggregatetraffic, route it in different parts of the network, andaggregate it again at the exit of the network. This will give usthe possibility to have a better use of the network, becausewe will have better control of the capacity used, so it will beinteresting from the economical point of view. This alsobenefits those applications related to security.”

What does it take to evolve the current IP backbone to SDN(Software Defined Networking)? This question is at the coreof the work being carried out by the DREAMER project,which is developing a solution based on a thorough study ofthe actual operational requirements of an NREN.

DREAMER brings together three partners: the Italianresearch organizations CNIT and CREATE-NET, and theItalian NREN, GARR, which contributes – among otherthings - the operational requirements.

“The project is about evolving the current IP backbonenetwork towards SDN, by meeting carrier-graderequirements,” says Stefano Salsano, coordinator of theproject. “For this purpose the project will enhance theexisting open source platform – we want to have an open

SSDDNN –– CCOOMMIINNGG TTOO AA NNEETTWWOORRKK NNEEAARR YYOOUU!!

DDRREEAAMMEERR

approach – so we want to evolve this platform adding thisnew capability.”

DREAMER takes an evolutionary approach whereby theSDN functionality in the backbone nodes operates in parallelwith (existing) IP routing protocols. To this end, the teamdesigned and is currently testing a hybrid IP/SDN nodecalled OSHI – Open Source Hybrid IP/SDN - developedentirely with Open Source components.

In June of this year, the project organised a workshop forexperts in the application of SDN technology, where it gave ademonstration of the new prototype. The event, and theattendees, are part of a larger context of collaborative workby the IEEE SDN community.

15

OPEN CALL

16 CONNECT ISSUE 16 JULY 2014

USERS

CCOOUULLDD DDAATTAA SSOONNIIFFIICCAATTIIOONN DDEELLIIVVEERR WWHHIILLEE--YYOOUU--WWAAIITT CCAANNCCEERR DDIIAAGGNNOOSSIISS??Converting cell data into sounds could enable GPs to makeinstant, non-invasive cancer diagnoses during a routinecheck-up. This could significantly reduce the agonising weeksof waiting for test results. Government waiting time targetscurrently specify that there should be no more than 2 months wait between an urgent GP referral for suspectedcancer and starting treatment.

FFAASSTTEERR,, MMOORREEEEFFFFEECCTTIIVVEE SSUURRGGEERRYYWhen removing cancerous tissues, evena small amount left behind can bedangerous. By listening to data in apatient’s body via an audio diagnostictool or probe, a surgeon is more likely tospot remaining cancerous cells than byvisual inspection alone. This providesanother layer of assistance and leavesthe surgeon’s eyes free to focus on theoperation. This is likely to reduce surgerytime and improve the probability of allcancerous tissue being removed fromthe body.

The preliminary study was launchedearlier this year at the 20th InternationalConference on Auditory Display. It is acollaboration between GÉANT;Birmingham City University and theUniversity of Central Lancashire.

The novel method could also helpsurgeons perform faster, more accuratetreatment on cancer patientsundergoing life-saving surgery.

Domenico Vicinanza, ProductManager at GÉANT was the researcherresponsible for the sonification. He said:

““PPaarrtt ooff mmyy rroollee aatt GGÉÉAANNTT iiss ttooeexxpplloorree nneeww wwaayyss ffoorr rreepprreesseennttiinnggddaattaa aanndd ddiissccoovveerryy tthhrroouugghh tthhee uusseeooff hhiigghh--ssppeeeedd nneettwwoorrkkss.. TThhiiss ssttuuddyy iissnnoo eexxcceeppttiioonn aanndd aa ggrreeaatt ooppppoorrttuunniittyyttoo aassssiisstt wwiitthh ssuucchh aa ppootteennttiiaallllyy lliiffee--eennhhaanncciinngg pprroojjeecctt tthhaatt aaddddrreesssseess oonneeooff ssoocciieettyy’’ss bbiiggggeesstt cchhaalllleennggeess””.

WWHHAATT CCOOUULLDDTTHHIISS MMEEAANN FFOORR CCAANNCCEERRDDIIAAGGNNOOSSTTIICCSS??IINNSSTTAANNTT DDIIAAGGNNOOSSIISSTraditional diagnosis might involve takinga biopsy, sending it to the lab andwaiting for the results. It can take weeksand even months. In the future, GPscould use audio feedback devices todiagnose certain types of cancer on thespot by scanning a patient to detectspecific sound signals. With instantmedical feedback, a GP can make afast, more confident diagnosis - withouttime-consuming or uncomfortable testsor scans - and react immediately.

WWHHAATT IISS DDAATTAASSOONNIIFFIICCAATTIIOONN??Domenico Vicinanza explains data sonification - watch the video here:wwwwww..ggeeaanntt..nneett//ssoonniiffiiccaattiioonn__vviiddeeoo

17

USERS

WWHHYY DDAATTAASSOONNIIFFIICCAATTIIOONN??This shows that data sonification –where data is conveyed as audio signalsas opposed to visual illustrations suchas graphs – can improve standardtechniques currently used in biomedicalspectroscopy analysis.

Current spectroscopy methodsinvolve firing light from a laser into cellsand observing how it reacts. However,analysing the results and determininghealthy cells from cancer cells involveslooking through large datasets by eye,which is time consuming and difficult. The study found that by classifying thisdata into audio signals, it is easier todifferentiate between different types ofcell, improving accuracy and allowingresearchers to search through largevolumes of data very quickly.

Ryan Stables, a researcher for theSchool of Digital Media Technology inBirmingham who lead the study said:

““TThhiiss mmeetthhoodd ooff iiddeennttiiffyyiinnggccaanncceerroouuss cceellllss iiss ssiimmiillaarr ttoo tthhaatt ooffuussiinngg aa mmeettaall ddeetteeccttoorr.. IItt aalllloowwss yyoouuttoo iiddeennttiiffyy tthhee cchhaarraacctteerriissttiiccss ooffccaanncceerr iinn rreeaall--ttiimmee,, wwhhiicchh wwee hhooppeeccoouulldd hhaavvee lliiffee--cchhaannggiinngg iimmpplliiccaattiioonnssffoorr ppaattiieennttss tthhrroouugghh tthhee ddeevveellooppmmeennttooff bbeetttteerr ddiiaaggnnoossttiicc ttoooollss..

WWee aarree nnooww llooookkiinngg aatt uussiinnggddiiffffeerreenntt ttyyppeess ooff ddaattaa aanndd aarreehhooppeeffuull tthhee rreesseeaarrcchh ccoouulldd bbee uusseeddffoorr ttrreeaattiinngg ootthheerr pphhyyssiiccaall ddiisseeaasseess,,nnoott jjuusstt ccaanncceerr..””

Domenico Vicinanza, added: FFrroomm aa pprraaccttiiccaall ppooiinntt ooff vviieeww,,lliisstteenniinngg ttoo aa ssiinnggllee ssoouunndd ffoorr aapprroolloonnggeedd ppeerriioodd ooff ttiimmee ccaann bbeepprreettttyy hhaarrdd oonn tthhee eeaarrss,, ssoo II wwaass kkeeeennttoo eennssuurree tthhee ssoouunnddss wweerree bbeeaarraabblleeaanndd ppeerrcceeppttuuaallllyy iinntteerreessttiinngg..””

WWHHAATT’’SS NNEEXXTT??Ryan Stables said:

““TThhee nneexxtt sstteepp ffoorr tthhee pprroojjeecctt iiss ttoossttaarrtt aannaallyyssiinngg ddiiffffeerreenntt ttyyppeess ooff ddaattaa((cceellll ttyyppeess,, ttiissssuuee ssaammpplleess,, eettcc..)).. OOuurrccuurrrreenntt ggooaall iiss ttoo ssttaarrtt ddeevveellooppiinngg tthheehhaarrddwwaarree ffoorr tthhee RRaammaannssppeeccttrroossccooppyy--bbaasseedd pprroobbee oovveerr tthheenneexxtt ffeeww mmoonntthhss.. WWee’’vvee jjuusstt ttaakkeenn aaPPhhDD ssttuuddeenntt oonn iinn tthhiiss aarreeaa,, aannddtthheeyy’’rree ccuurrrreennttllyy llooookkiinngg aatt mmeetthhooddssffoorr ccrreeaattiinngg nnoonn--iinnttrruussiivvee aauuddiittoorryyffeeeeddbbaacckk dduurriinngg hhiigghh--pprreessssuurreessiittuuaattiioonnss ssuucchh aass ssuurrggeerryy..””

18 CONNECT ISSUE 16 JULY 2014

CONNECT INTERVIEW

DDOOMMEENNIICCOO,, PPLLMM HHAASSBBEEEENN IIMMPPLLEEMMEENNTTEEDD FFOORROOVVEERR AA YYEEAARR NNOOWW –– HHOOWWHHAASS IITT IIMMPPRROOVVEEDD TTHHEEEEXXPPEERRIIEENNCCEE OOFF TTHHEEGGÉÉAANNTT DDEEVVEELLOOPPMMEENNTTTTEEAAMMSS??The biggest benefit has been inproviding a clear, predictable structure toproduct development. Developers andtask leaders understand the process ofturning a concept into a productionservice and know what steps areneeded. Activity leaders can much moreeasily monitor progress and can helpsecure and allocate resources muchmore easily.

DDOOEESSNN’’TT TTHHEE NNEEEEDD FFOORR““GGAATTEESS”” BBEETTWWEEEENN TTHHEECCOONNCCEEPPTT,, PPIILLOOTT AANNDDPPRROODDUUCCTTIIOONN SSTTAAGGEESSRREESSTTRRIICCTT DDEEVVEELLOOPPEERRSS??Not at all. By dividing development intoclear stages both the developmentteams and users understand how aservice transitions from pilot intoproduction and what is expected of theservice.

SSOO HHOOWW DDOO NNRREENNSS AANNDDUUSSEERRSS BBEENNEEFFIITT??Before it was hard for users tounderstand the status of the service theywere using. Now users can understandthat a production service, just like acommercial service, will have firm SLAs[Service Level Agreements], definedimplementation and support proceduresand they can have confidence that theservice is stable and suitable for theirproject. This increased confidence isvital for researchers who rely on ournetwork and services on a day-to-daybasis.

AARREE UUSSEERRSS IINNVVOOLLVVEEDD IINN PPLLMM??User input is vital to the success of thePLM and GÉANT as a whole. At the verybeginning of any development eachproduct needs both a Value Propositionand a Business Case so it is very clearwhy we are developing the service andcan show that the investment will benefitthe end users. Throughout thedevelopment we can refer to these toensure that we are always working tosupport the users and give them theservices they need and asked for andare providing value for money.

WWHHAATT HHAAPPPPEENNSS OONNCCEE AASSEERRVVIICCEE HHAASS BBEEEENNDDEELLIIVVEERREEDD??This is the essence of lifecyclemanagement and ProductManagement. It is essential that GÉANTdoesn’t ignore services once they havebeen launched and that they arecontinually monitored to make sure theyare still fit for purpose.

As an example we received valuablefeedback from the NRENs about howthey wanted perfSONAR to change andwe have been able to use that feedbackto help redesign the service to becomepart of an enhanced global perfSONARwhich incorporates the best elements ofperfSONAR MDM [the European versionof the service] and perfSONAR PS [theNorth American version of the service]. As technology develops and users’needs continue to grow, it is vital wekeep the GÉANT products up-to-dateand offer our users, both NRENs andthe wider community, great service andgreat value for money.

PPRROODDUUCCTT LLIIFFEECCYYCCLLEEMMAANNAAGGEEMMEENNTT-- TTAAKKIINNGG GGÉÉAANNTT FFOORRWWAARRDD TTOO MMEEEETTTTHHEE CCHHAALLLLEENNGGEESSAAHHEEAADD

19

CONNECT INTERVIEW

GÉANT Product Manager Domenico Vicinanza explainshow Product Lifecycle Management (PLM) benefitsGÉANT and the R&E Community.

InterviewKarl Meyer,ProductMarketing andCommunicationsOfficer.

20 CONNECT ISSUE 16 JULY 2014

SERVICES

WWHHAATT IISS YYOOUURRRREELLAATTIIOONNSSHHIIPP IINNTTHHEE LLOONNGGEERR TTEERRMMWWIITTHH EEDDUUGGAAIINN??When I started my first job at SURFnet(at SURFfederatie, since fully integratedwith SURFconext) I really liked the ideaof federations but was surprised thatfederations didn’t connect to othercountries – although that was beingworked on. When eduGAIN then cameinto production, we tried to encourageService Providers (SPs) with thepossibilities of eduGAIN. We thenbecame really excited that we couldsupport a project like VCH so as tomake full use of eduGAIN when itentered production.

WWHHAATT IISS VVCCHH AANNDDWWHHAATT AARREE IITTSSGGOOAALLSS??The VCH is a project that was started byfour institutions from four differentEuropean countries – The Netherlands,Denmark, Italy and Sweden. Theseinstitutions are all technical universitiesthat offer similar programs, but theyshared a common problem: a relativelylow number of students for particularprograms in each country. As part ofthis, they wanted to see if it waspossible to offer a virtual platform wherethe students and teachers could get incontact with each other, collaborateonline, maybe videoconference, sharedocuments, follow web lectures – therewas even talk of using onlinelaboratories from a distance, so theywanted a seamless collaborativeworking space.

SSOO HHOOWW DDIIDD YYOOUUSSUUPPPPOORRTT VVCCHH AANNDD TTHHEEIIRR NNEEEEDDSS?? The institutions were very excited tolearn about eduGAIN in this context.Their initial focus had understandablybeen on the educational aspects butvery quickly they realized the technicalchallenges were an equally big task.How do you give users access to allthese online applications? That’s whenthe Dutch university (Eindhoven) askedSURFnet to help, and we introducedthem to the world of NRENs, federationsand eduGAIN. To date, VCH has run asa pilot project and all the universitiesinvolved are happy with the results. Thelaboratories need some further work,but we were able to get severalapplications online and available foreveryone. Later this year, they will lookinto how to move the project to aproduction environment, and how itcould open new doors in education.

EEDDUUGGAAIINNSSUUPPPPOORRTTIINNGGIINNTTEERRNNAATTIIOONNAALLCCOOLLLLAABBOORRAATTIIOONN FFOORR EEDDUUCCAATTIIOONN

21

SERVICES

SSaabbiittaa BBeehhaarrii wwoorrkkss ffoorr SSUURRFFnneett aass aa PPrroodduucctt MMaannaaggeerr,, bbuuttiiss aallssoo iinnvvoollvveedd iinn sseevveerraall iinnnnoovvaattiioonn tteeaammss.. HHeerr rroollee iinn tthheeVViirrttuuaall CCaammppuuss HHuubb ((VVCCHH)) pprroojjeecctt wwaass ttoo bbee tthhee ccoooorrddiinnaattoorrwwiitthhiinn SSUURRFFnneett aanndd tthhee ccoonnttaacctt ffoorr TTeecchhnniiccaall UUnniivveerrssiittyyEEiinnddhhoovveenn,, tthhee DDuuttcchh ppaarrttiicciippaanntt iinn tthhee pprroojjeecctt.. HHeerree sshheeeexxppllaaiinnss hhooww eedduuGGAAIINN hhaass hheellppeedd tthhee VVCCHH pprroojjeecctt..

WordsLaura Durnford,SeniorCommunicationsOfficer, TERENAinterviews SabitaBehari, SURFnet

PictureSabita Behari

HHOOWW WWOOUULLDD YYOOUULLIIKKEE TTOO SSEEEEEEDDUUGGAAIINN DDEEVVEELLOOPPIINN FFUUTTUURREE?? I would like to see even more IdPs andfederations connected to eduGAIN. Inparticular having more Service Providersconnected to eduGAIN would help a lot,simply because then you could view theservices already available. Also it wouldbe great to have a global solution forguest users. Whilst we are here for theresearch and education community,these people also work with otherpeople from commercial companies,from government, and it would be veryhelpful if there was a global solution forhelping these guest users to connect toour community in an easy way.

Sabita Sehari was talking to LauraDurnford, Senior CommunicationsOfficer, TERENA. The full video interview will shortly be available atwwwwww..yyoouuttuubbee..ccoomm//GGEEAANNTTttvv

22 CONNECT ISSUE 16 JULY 2014

SERVICES

WWHHAATT IISSEEDDUUGGAAIINN?? The eduGAIN service enables theinterconnection of identityfederations around the world,simplifying access to content,services and resources for theglobal research and educationcommunity. eduGAIN enables thetrustworthy exchange of informationrelated to identity, authenticationand authorisation (AAI). ThrougheduGAIN, identity providers offer agreater range of services to theirusers, delivered by multiplefederations in a truly collaborativeenvironment; service providers offertheir services to users in differentfederations, increasing their targetmarket; and users seamlesslybenefit from the wider range ofservices.

WWHHAATT WWEERREE TTHHEEMMAAIINN CCHHAALLLLEENNGGEESSIINN CCOONNNNEECCTTIINNGGEEDDUUCCAATTIIOONNAALLIINNSSTTIITTUUTTIIOONNSS??Firstly, whilst our contacts were heavilyinvolved with the educational contentand the user experience from thestudent and teacher perspectives, theirunderstanding of the technicalchallenges was limited. So our job wasto teach them about the possibilities andhow it could work. Second, not all theeducational institutions were an IdP(identity provider) – and for you to beable to use eduGAIN you first need tobe an IdP with your own federation inyour own country. Whereas everycountry has a federation, not allinstitutions are members of thatfederation. So the universities had to beset up as part of their country federation,albeit occasionally as guest members –but that will be addressed when theVCH pilot moves into production. Finally,there were many legal conditions thatneed to be abided by – for examplewhen services are provided by onecountry not only to their members, butto members from other countries aswell. Whilst these conditions are notunique to educational users, their needfor the highest data protection is critical– particularly when the universities areinvolved in research – and thecollaborative environments must remaincarefully controlled.

HHOOWW DDOOEESS EEDDUUGGAAIINN PPRROOVVIIDDEE AA SSOOLLUUTTIIOONN??eduGAIN provides the vital framework,functionality and technical support toconnect separate federations into oneconfederation, or inter-federation,enabling the various institutions to worktogether. It does the same job as a localfederation in that it connects IdPs andSPs and connects users with onlineservices and it does all of that on aninternational level. So theoretically,eduGAIN makes it possible for a user tomake use of an online service offered byanother federation or IdP anywhere inthe world.

An important part of this is the legalframework, effectively a Code ofConduct, to which SPs can agree andwhich institutions can trust. This is a keypart of eduGAIN.

The value is very clear. If institutionswant to work together internationally,they simply have to connect throughtheir local federation – typically wellknown to them.

WWHHAATT AALLTTEERRNNAATTIIVVEESSAARREE TTHHEERREE TTOOEEDDUUGGAAIINN?? Is there a good alternative for eduGAIN?Probably not! I guess some commercialproducts offer similar benefits. As ourinstitutions are all part of the localfederations that are usually operated byNRENs, in other words specifically forR&E, they would be unlikely to usecommercial products. If it wasn’t foreduGAIN they would probably have hadto make a lot more technicalconnections one on one. I really don’tsee any other way to address theirchallenges, except for maybe just usingone big suite of one service provider, butthat’s usually not what they want. So no,there’s not a good alternative toeduGAIN.

WWHHAATT VVAALLUUEE DDOOEESSEEDDUUGGAAIINN OOFFFFEERRFFEEDDEERRAATTIIOONNSS??It’s very useful for SURFconext to bepart of eduGAIN because we see that alot of our institutions are collaboratingmore and more not only with each other,but on an international level withstudents and researchers from aroundthe world. Not having eduGAIN wouldmean we would have to figure out caseby case how to help them, but nowthere is a single solution for all of them.

23

GENERAL

CCAAMMPPUUSS BBEESSTT PPRRAACCTTIICCEE JJUUSSTT GGOOTT EEVVEENN BBEETTTTEERR!!LLaasstt mmoonntthh tthhee CCaammppuuss BBeesstt PPrraaccttiiccee tteeaammllaauunncchheedd aa bbrraanndd nneeww wweebbssiittee ttoo hheellpp uusseerrss ffiinnddaanndd ddoowwnnllooaadd tthhee ffuullll rraannggee ooff CCaammppuuss BBeessttPPrraaccttiiccee mmaatteerriiaallss aanndd aallssoo ggeett iinnvvoollvveedd iinn tthheewwoorrkksshhooppss aanndd ccoommmmuunniittyy aaccttiivviittiieess..

TERENA and Dante have workedtogether to combine the resources ofthe CBP group into one easy to usesite which will make it easier forNRENs and campus IT staff to findhelp and resources they need.

The CBP materials can be found athhttttpp::////sseerrvviicceess..ggeeaanntt..nneett//ccbbpp

24 CONNECT ISSUE 16 JULY 2014

SERVICES

NNEEWW PPEERRFFSSOONNAARR IISS IINNTTEERRNNAATTIIOONNAALL EEFFFFOORRTT TTAACCKKLLIINNGG GGLLOOBBAALL MMOONNIITTOORRIINNGG CCHHAALLLLEENNGGEE

users. User could be students workingvia local campus networks to scientistscollaborating on international projects,so interoperability is vital. Essentially, itremoves scope for confusion andfragmentation and increases efficiencyfor all.

WWHHAATT’’SS TTHHEE HHIISSTTOORRYY OOFF PPEERRFFSSOONNAARR??Since its inception 10 years ago, MDMand PS have followed different paths,meeting the needs of local usercommunities in the USA and Europe.This led to a set of two, mostlyincompatible sets of tools andpackages.

In March 2010, to respond to anincreasingly international researchcommunity, we began work under acollaboration framework called DICE –along with Internet2, CANARIE andESnet.

The result was a set of more effectiveand sustainable monitoringfunctionalities able to interoperatebetween perfSONAR MDM and PSinfrastructures. It removed thedemanding tasks of constant alignmentof components and the need toduplicate functionalities.

HHOOWW DDIIDD YYOOUU GGOOAABBOOUUTT CCOONNVVEERRGGIINNGGTTHHEE TTWWOO??At the end of 2013, GÉANT, Internet2,Indiana University and ESnet, startedworking on a different approach. Usingexperience gained in the previous work,we selected the best components fromMDM and PS for delivering a consistenthigh quality experience to users andbundled them into a commonly brandedand jointly released platform.

This first operational prototype wassuccessfully demonstrated at TNC2014.It included four measurement points, twoin the US, Washington and New York, andtwo in Europe, Frankfurt and Amsterdam.

WWHHAATT DDOOEESS TTHHEEFFUUTTUURREE HHOOLLDD??In the coming months we will beworking together again to consolidatethe support structures, training,documentation and software delivery forthe new ‘converged perfSONAR.’

PerfSONAR MDM andperfSONAR PS are twodifferent implementations of anoriginal shared idea, which

have recently been integrated into oneplatform. We caught up with DomenicoVicinanza, Network Services ProductManager at GÉANT to ask him aboutthe many benefits this will deliver tousers.

PPLLEEAASSEE EEXXPPLLAAIINN AA BBIITTAABBOOUUTT PPEERRFFSSOONNAARRThe infrastructure and associatedservices of perfSONAR simplify networktroubleshooting making it easier to solveend-to-end performance problems.perfSONAR enables networkperformance monitoring usingmeasurement beacons and archivesthat talk to each other using a standardprotocol.

WWHHYY BBRRIINNGG TTHHEE TTWWOOTTOOGGEETTHHEERR??The resulting convergence of theplatforms is now even more flexible,robust and sustainable in supporting its

Find out more::ppeerrffssoonnaarr--iinnffoo@@ggeeaanntt..nneett hhttttpp::////sseerrvviicceess..ggeeaanntt..nneett//ppeerrffssoonnaarr//PPaaggeess//HHoommee..aassppxx

25

SERVICES

GGRREEEENN NNEETTWWOORRKKIINNGG WWOORRKKSSHHOOPP -- BBUUIILLDDIINNGG CCOOMMPPEETTEENNCCEEIINN EENNVVIIRROONNMMEENNTTAALL SSUUSSTTAAIINNAABBIILLIITTYY

GRNET (the Greek NREN) will also bepresenting their ECO2METER online toolthat NRENs can use to report theirGreenhouse Gases emissions.

Many teams will also be presentingposters demonstrating their latestresearch in greening ICT.

The workshop is intended primarily forNREN participants, both operational andmanagement, ICT and facilitiesmanagement personnel in highereducation institutions, and forenvironmental agents and decision-makers.

For more details on the workshop andto register, visithhttttpp::////wwwwww..tteerreennaa..oorrgg//aaccttiivviittiieess//ggrreeeenn--wwoorrkksshhoopp//wwss33//

The GÉANT Green Team isdedicated to showing howNRENs can use green ICT tosupport sustainability. On 15-

16 September, the Green Team will behosting a workshop in Budapest to helpNRENs build sustainable work practicesand develop a greater understanding ofthe environmental impact of ICT.

The purpose of this workshop is to:

• Build competency in sustainable work practices.

• Demonstrate best practice guidelines to aid business implementation.

• Provide greater understanding of the impact of energy consumption in lifecycle costing when selecting equipment.

• Learn and share progress in environmental policy and practice from academic and research institutions.

26 CONNECT ISSUE 16 JULY 2014

CONNECT INTERVIEW

QQ&&AA WWIITTHHIIVVAANNAA GGOOLLUUBBIvana Golub of Croatian NREN CARNet leads the GÉANT Activitythat deals with Network Support Services (SA4). CONNECT spoketo Ivana to learn more about the work in this area, and what itmeans for the millions of users who rely on GÉANT.

27

CONNECT INTERVIEW

HHOOWW LLOONNGG HHAAVVEE YYOOUU BBEEEENNPPAARRTT OOFF GGÉÉAANNTT,, AANNDD HHAASSYYOOUURR RROOLLEE AALLWWAAYYSS BBEEEENN IINN TTHHIISS AARREEAA?? I joined the GÉANT community duringthe GÉANT2 project (which ran 2004-2009) as part of the Service Activityinvolved with End-to-End Quality ofService and the Joint Research Activityworking on Performance Measurementand Monitoring.

In GÉANT (GN3 2009-2013), I waspart of the Joint Research Activityworking on Future Network - FederatedNetwork Architecture, after which Ijoined the Service Activity for NetworkBuild and Operations – part of theplanning team.

Finally in August 2012, I applied forthe Activity Leadership position for theGÉANT (GN3plus) Service ActivityNetwork Support Services (SA4), sincewhen I have been actively involved inthis area.

WWHHAATT IISS YYOOUURR AARREEAA OOFFRREESSPPOONNSSIIBBIILLIITTYY??In the GÉANT project, my role as theactivity leader is to empower the tasks intheir assignments when needed,coordinate activities between the tasks,from and towards the other projectteams. The Activity Leader has topossess expert knowledge in the fields,as well as management and leadershipcapabilities to create an environment forthe successful delivery of high qualityresults.

In CARNet, my role as the AssistantCEO for Network infrastructure is to leadand coordinate all activities related tobuilding, operating, maintaining andmanaging the CARNet network andnetwork services. With this two-fold role,I am bringing the NREN view to SA4 aswell as GÉANT experience to CARNeteveryday work.

WWHHAATT DDOOEESS NNEETTWWOORRKKSSUUPPPPOORRTT SSEERRVVIICCEESS DDOO FFOORRTTHHEE NNRREENNSS AANNDD TTHHEEIIRRUUSSEERRSS??Network Support Services looks at themulti-domain aspects of networkmonitoring and security. We see it asproviding the glue that bonds togetherindividual NRENs' related services into aglobal infrastructure. This area developsand offers tools such as perfSONAR(together with US partners includingESnet and Internet2) for CMon in thearea of network monitoring, andpenetration testing, Firewall on Demandand NfQuery in the area of multi-domainsecurity.

We also coordinate the eduPERTcommunity and address performance-related topics, including end-to-end userservices, infrastructure services or theinfrastructure itself by providing thecommunication platform, including on-line and face-to-face meetings andpresentations, training and workshops,active portal and knowledge base andmore.

We also provide support fordevelopers in the GÉANT projectthrough secure code training fordevelopers, and secure code audits andpenetration testing for productionservices.

Our work in the area of End-to-EndManagement (Network ManagementArchitecture Approach) has started withanalysis of the existing processes,services and tools in the area of NetworkSupport Services taking intoconsideration relevant industrystandards, thus focusing primarily on theinternal aspects of the GÉANT project.Still, the main focus is in offering servicesto the GÉANT community users throughthe optimisation, continuity and possibleintegration of existing solutions and thedevelopment of missing pieces ifneeded.

WWHHAATT DDOO YYOOUU SSEEEE AASS TTHHEEMMAAIINN OOBBJJEECCTTIIVVEESS AANNDDCCHHAALLLLEENNGGEESS IINN YYOOUURR RROOLLEEAASS AACCTTIIVVIITTYY LLEEAADDEERR?? My main objectives – and at the sametime challenges – are to gather togetherand work with the team in a confident,trusty and working environment aroundthe pre-defined goals and tasks towardsuser-oriented, recognised, useful andused services.

Team members come from severalcountries, bringing to the teams differentviews, experiences and knowledge, allof which gives a new dimension andgreat benefits to the project.Orchestrating that with the definedobjectives, goals, time-line and with thework of other teams in different activitiesis an interesting and valuableexperience.

IINN TTEERRMMSS OOFF NNEETTWWOORRKKSSUUPPPPOORRTT SSEERRVVIICCEESS,, WWHHAATTAARREEAASS WWOOUULLDD YYOOUU LLIIKKEE TTOOSSEEEE IINNCCLLUUDDEEDD IINN FFUUTTUURREEPPRROOJJEECCTTSS?? I’d like to see a multi-domain view oninfrastructure, services, cooperation, andmany other areas, as well as in alllifecycle phases. It can help tostrengthen the communication betweenindividual domains, to provide additionalinformation that might not be availablefor single-domain view, for trendsanalysis, etc.

From the area of current NetworkSupport Services activity, benefits canbe seen in the continuation of work inthe areas of multi-domain monitoring,security, operations...

I believe it is the networking ofexpert groups that brings specialstrength to the project and thecommunity, and this trend is increasingin GÉANT. Cooperation, collaboration,knowledge and experience sharingcreate a beautiful synergy that helps theproject and people in it to grow evenfaster. Hopefully there will be more!

InterviewPaul Maurice,SeniorCommunicationsOfficer, DANTE

WWHHAATT DDOO YYOOUU EENNJJOOYY MMOOSSTT AABBOOUUTT YYOOUURR WWOORRKK?? The opportunity for continuous learning, dynamics,diversity, and working with great and interesting peoplefrom our community.

LLAASSTT MMOOVVIIEE YYOOUU WWAATTCCHHEEDD?? Cartoons, over and over again!

WWHHAATT BBOOOOKK AARREE YYOOUU RREEAADDIINNGG?? Just finished "The naive and the sentimental novelist" by Orhan Pamuk, now reading "The seven daughters ofEve" by Brian Sykes.

WWHHEERREE WWAASS YYOOUURR LLAASSTT HHOOLLIIDDAAYY?? Summer holidays I always spend in Croatia in a smallplace at the Adriatic cost.

WWHHAATT’’SS IINN YYOOUURR MMUUSSIICC LLIIBBRRAARRYY?? Depeche Mode, Zaz, Pink, Adele, Vaya Con Dios,Croatian artists, and many more

WWHHAATT DDOO YYOOUU DDOO FFOORR DDOOWWNNTTIIMMEE??Enjoying the time with my family. The best way to enrich the day!

TTEECCHHNNIICCAALL IINNSSIIGGHHTT

28 CONNECT ISSUE 16 JULY 2014

TECHNICAL INSIGHT

GGÉÉAANNTT PPEERRFFSSOONNAARR MMDDMM--BBAASSEEDD CCIIRRCCUUIITTMMOONNIITTOORRIINNGG IINN AA MMUULLTTIIDDOOMMAAIINN EENNVVIIRROONNMMEENNTT

AABBSSTTRRAACCTTGlobal research collaborations todayrequire reliable and secure dedicatednetwork connections to facilitate datacommunications between collaboratingpartners. To deal with the deluge ofdata, dedicated connections are neededto transport data in a highly efficientmanner. Managing such links, whichoften cross multiple administrativedomains with heterogeneousinfrastructure, poses many compellingresearch challenges, one of which isinterdomain network monitoring. In thisarticle, a multidomain circuit monitoringsystem, CMon, is introduced. Usingsome services of GÉANT perfSONARMDM, CMon is able to provide end-to-end circuit monitoring services withgreat flexibility, extensibility, and vendorindependence, regardless of theunderlying circuit provisioning systems.The architecture of CMon, by usingmeasurement federations, can adapt toeither changes in the circuit provisioningsystem or expansion of network size.

IINNTTRROODDUUCCTTIIOONNResearchers are increasinglycollaborating on projects, exchangingdata, and innovating at the forefront oftheir fields in different parts of the world.Networking and communicationstechnologies have been assisting suchactivities for decades. However, thetraditional method of data service is touse IP service and accept whateverperformance is obtainable acrossmultiple network domains or toconstruct a dedicated network withdedicated capacity designed only forspecific performance requirements.

However, users are requiring dataservices that can provide higherguaranteed bandwidth with less jitterthan traditional IP connections, andgreater flexibility than static dedicatedlayer 2 (L2) point-to-point connections(circuits). The service should allow usersto request a circuit with a specific set ofparameters (bandwidth, maximumtransmission unit (MTU), delay, ingressand egress virtual local area network[VLAN] identifiers, etc.) for a desiredduration (from hours to months). Suchan automated dynamic multidomain

circuit provisioning service is calledmultidomain bandwidth-on-demandservice (BoD). There are different circuitprovisioning systems (CPSs) supportingthe same BoD service or having thesame purpose, such as AutomatedBandwidth Allocation AcrossHeterogeneous Networks (AutoBAHN)[1], On-Demand Secure Circuits andAdvance Reservation System (OSCARS)[2], and others [3, 4]. A multidomaincircuit consists of several segments, forwhich each domain is responsible. Evenif the circuit is provisioned by the sametool, the underlying technologies usedfor provisioning each segment can bedifferent, such as L2 multiprotocol labelswitching (MPLS) virtual privatenetworks (VPNs), generic framingprocedure (GFP) over synchronous digitalhierarchy (SDH), or Ethernet over MPLS.

In order to provide a complete dataservice, performance needs to beeffectively monitored. However, it isgenerally challenging to monitor theperformance of such dynamicallyprovisioned multidomain circuits forviewing, analysis, diagnosing, andtroubleshooting because of the varioustechnologies used in different domains,collaboration challenges, policy issues,and so on. Many monitoringarchitectures [5–7] have not consideredthe heterogeneity of different domains.The work in [8] considered theheterogeneity, but there is no holisticview on the service chain.

Related work in this area has alsobeen done at the Czech Republic’sNational Research and EducationNetwork (CESNET) with thedevelopment of a monitoring tool forphotonic services called CzechLightMonitor, or CLMon [9]. CzechLightMonitor conducts Simple NetworkManagement Protocol (SNMP)-basedmonitoring of CzechLight devices and iscapable of using in- and out-of bandremote access. In its first version,CLMon was not vendor-independentand could only be used to monitorCzechLight devices; CESNET iscurrently working on a new developmentof CLMon that also includes monitoringof Cisco optical elements.

To the best of the authors’knowledge, current CPSs either lackmonitoring ability, where the system

cannot realize a broken circuit unlessnotified by users, or rely on primitivemethods to locate system faults in amultidomain environment (e.g., by callingor sending emails to the next domain onthe circuit chain). These are undoubtedlyinefficient and unacceptable for BoDservice.

To tackle these problems ofmultidomain circuit performancemonitoring, a multidomain circuitmonitoring system (CMon) is built, usingservices provided by PerformanceFocused Service Oriented NetworkMonitoring Architecture (perfSONAR)[10], which is a unified service platformfor multidomain network performancemonitoring used where a set of servicesdeliver performance measurements in afederated environment. With thediversity of monitoring technologiesbetween different domains taken intoaccount, CMon utilizes perfSONARservices to provide circuit monitoringdata through a web portal in order toachieve the most flexibility, extensibility,compatibility and vendor independency.perfSONAR services include active andpassive measurements. An activemeasurement for circuit monitoringrequires a measurement node to sendtest packets in a specific pattern fromone end of the circuit path to the other inorder to estimate the condition of thetraversed path by analyzing the receivedtest packets. Passive measurements forcircuit monitoring demand networkequipment to be constantly monitored inorder to determine the traffic condition.Different measurement methods shouldbe used for different metrics. Forinstance, to measure the latency of acertain circuit, test packets must besent. In contrast, measurement of, forexample, bandwidth usage can beimplemented by monitoring thetransmitted traffic volume on a specificinterface. These two methods jointlycontribute to the multidomain circuitmonitoring service.

Therefore, we discuss thearchitecture and design of CMon in thisarticle. We first describe the background,including perfSONAR and theautomated circuit provisioning service,BoD, and the tool, AutoBAHN. Afterthat, we depict CMon architecture anddesign in a nutshell. Finally, we concludethe article.

Reproducedfrom IEEECommunicationsMagazine, Vol 52, No. 5

WWoorrddss aannddIInntteerrvviieewwHao Yu, FengLiu, SusanneNaegele-Jackson, TanguiCoulouarn, TruptiKulkarni, JosvaKleist, WolfgangHommel, andLars Dittmann

BBAACCKKGGRROOUUNNDDCMon is a system that processesnotifications from CPSs, fetchesmonitoring data from domains, andsplices different segments’ performanceto show for the whole circuit. Such anarchitecture gives CMon great flexibility,extensibility, and simplicity. This sectionbriefly describes the BoD service andthe perfSONAR architecture.

BBAANNDDWWIIDDTTHH--OONN--DDEEMMAANNDD SSEERRVVIICCEE AANNDD AAUUTTOOBBAAHHNNThe GÉANT3 BoD is an end-to-end(E2E), point-to-point connectivity (circuit)service for data transport. It allows usersto create dedicated dynamic circuitswith specified bandwidth and duration.The service is designed for situationswhere high volumes of data have to betransported in the networks betweentwo known endpoints and/or where adedicated circuit is required. It isintended for relatively short-term use,ranging from several minutes up toseveral months with no change in basicconfiguration, while static circuits usuallyhave a very long life cycle.

The novelty of the approachconsists of conceiving a multidomainservice, which stretches over differentnetworks administered by differententities, and multi-platform, not using asingle software but relying on standards and/or agreements between differentco-providers.

Today, the service is used by bigdata science users and also differentprojects that are mostly interested inaspects other than just bandwidth. Inparticular, the BoD service is used byapplications in order to get dedicatedconnectivity. For example, the followingresearch projects have started to usethe service: NEXPReS (radioastronomy), AutoKNF (high energyphysics), Bonfire (testbeds), andMantychore; while several projectsintend to do so. It confirms the progressobserved in other networks for user-controlled traffic. As indicated above, theBoD service also targets networkmanagers who want an automatedsolution to set up multidomain or single-domain connections.

As one of the CPSs, AutoBAHNwas developed and piloted within theGÉANT2 project (2005–2009). It wasconceived from the beginning to beused in a multidomain environmentwhere domains use differenttechnologies to provide circuits.

Within the GÉANT3 project (2009–2013), AutoBAHN was furtherdeveloped to support the tool-agnosticmultidomain BoD service for a numberof national research and educationnetworks (NRENs) in the GÉANT

29

TECHNICAL INSIGHT

community. In most implementations,AutoBAHN uses Common NetworkInformation Service (cNIS) for topologyinformation. AutoBAHN is composed ofthree modules:• IInntteerrddoommaaiinn mmaannaaggeerr ((IIDDMM))::

Responsible for the interdomain operation of circuit reservation on behalf of a domain

• DDoommaaiinn mmaannaaggeerr ((DDMM)):: Abstracts the information provided by cNIS and transmits it to the IDM; also required to manage intra- domain resources

• TTeecchhnnoollooggyy pprrooxxyy ((TTPP)):: Specialized components with the technology-specific capability to configure the heterogeneous underlying networks

Figure 1 [1] presents the interactionsbetween the basic AutoBAHN modules,including a lookup service (LS) used forabstract topology exchange betweenIDM, and TPs.

It is far from enough to provideconnectivity service without being ableto monitor performance. In the operationof the BoD service, a monitoring systembased on a standard perfSONARimplementation, CMon, will be providedto users to track the end-to-endavailability of the circuits provisioned byone or different CPSs.

TTHHEE PPEERRFFSSOONNAARRPPLLAATTFFOORRMMperfSONAR is a framework formultidomain network performancemonitoring. The web-services-basedinfrastructure was developed by severalinternational partners from Internet2,ESNet, and the GÉANT2/GÉANT3projects with the purpose of providingnetwork administrators with easy access

to cross-domain performanceinformation and facilitating themanagement of advanced networks.The design of the architecture was setup to be well prepared for new metricsand extensions, and to automateprocessing of measurement datawhenever possible. For this reasonperfSONAR was divided into threecomponents with different service modules:

• A data services component, where measurement points (MPs) collect data through active and passive measurement tools, and store the data in a measurement archive (MA)

• An infrastructure services component where authorization andinformation services are provided, which also include topology information and a home lookup service (hLS) that can identify all registered perfSONAR services such as MAs or MPs

• An analysis and visualization service component with graphical user interfaces (GUIs), network operations center (NOC) alarms, and web visualization services for the collected measurement data

For use in a multidomain environment,the perfSONAR services can be globallyfederated. This requires synchronizationof all involved hLS with a global lookupservice (gLS) and the availability of globaltopology information collected fromintra-domain MAs into an inter-domainaggregated (abstract) topologymeasurement archive (MA(at)), as shownin Fig. 2. The perfSONAR framework notonly provides a reliable source for rawmonitoring data for upper-layer networkmanagement services; it also defines aset of standardized protocols thatfacilitates deployments of federatednetwork measurement infrastructures.

Web GUI Lookup service

Inter-domain manager

Single AutoBAHN instance

Domain manager

Technology proxy

Auto

BAH

Nsy

stem

Inter-domain manager

Single AutoBAHN instance

Domain manager

Technology proxy

Network managementsystem

IP domain

SDH domainGE domain

Clientequipment

ClientequipmentNative Ethernet

Inter-domain manager

Single AutoBAHN instance

Domain manager

Technology proxy

GFP over SDHL2 MPLS VPN

Dat

apl

ane

FFiigguurree 11.. AAuuttooBBAAHHNN aarrcchhiitteeccttuurree oovveerrvviieeww

30 CONNECT ISSUE 16 JULY 2014

TECHNICAL INSIGHT

CCIIRRCCUUIITTMMOONNIITTOORRIINNGGSSYYSSTTEEMMData transportation from one researchinstitute to another sometimes needs adedicated L2 circuit instead of an IProute. A circuit, consisting of differentconnection methods, can beprovisioned across multiple domains byan automated provisioning system withon-demand parameters, such asduration and bandwidth. Due to thedynamic resource allocation mechanismused by CPSs and the potentialexpansion of the NREN community,CMon is required to be flexible andextensible in order to adapt to anychange in the underlying CPSs. In thissection, first the requirements areanalyzed, and then the systemarchitecture and design are described.

SSYYSSTTEEMMRREEQQUUIIRREEMMEENNTTAANNAALLYYSSIISSThe CMon system intends to makemonitoring information aggregationacross domains not only feasible, butalso easy and fast. To this end, it isdesigned with the properties of flexibility,security, simplicity, controllability, andtransparency in mind. In this sectionthese considerations and the principaldesign philosophies behind CMon arediscussed briefly. These requirementsserve as guidelines in both the designand implementation stages of CMon.

FFlleexxiibbiilliittyyOne of the differences between dynamicand static circuits is their life cycleduration. To monitor dynamically createdcircuits, configuration and informationretrieval processes need to be adaptedaptly to changing situations. Forexample, once a circuit is established, acorresponding monitoring page shouldbe created dynamically. Nevertheless,for static circuits, due to their long lifecycle and relatively stable routing paths,a less automated reconfigurationprocess could be adequate. However,for dynamic circuits with frequentchanges and short life cycles, manualconfiguration and adaptation would bedifficult, if not impossible. Therefore, thecreation and adaption of dynamiccircuits should be done without heavyhuman intervention to reduce theoverhead and increase efficiency.

SSeeccuurriittyySecurity is paramount in the design ofCMon. NRENs in Europe mostly haverather strict data protection policies oreven laws by which they must abide.Operational information such asmonitoring data regarding devices such

as core routers and switches aregenerally considered to be sensitiveinformation that have to be sufficientlyprotected against any unauthorizedaccess and potential interceptions asthey are sent over networks. CMon hasto consider and evidently provide thefollowing security features before NRENsare ready to provide data:• AAuutthheennttiiccaattiioonn ooff ddaattaa ssoouurrcceess::

Sources of monitoring data must be rigorously authen ticated in order to guarantee genuineness.

• AAcccceessss ccoonnttrrooll ooff mmoonniittoorriinngg ddaattaawwiitthh aauutthhoorriizzaattiioonn:: This ensures that only authorized personnel/devices have access to the data. It is optional for operators to implement based on their own policies.

• SSeeccuurree ccoommmmuunniiccaattiioonn cchhaannnneell ffoorr mmoonniittoorriinngg ddaattaa::All communications between a data gathering client and a CMon server must be through encrypted channels.

SSiimmpplliicciittyyOne of the important lessons learnedfrom a previous deployment andoperation of an interdomain monitoringapplication [11] is that everything shouldbe kept as simple as possible for users.Simplicity must be catered to for thecomplete life cycle of the monitoringsystem. The following considerations aremade:• EEaassyy iinnssttaallllaattiioonn aanndd

ccoonnffiigguurraattiioonn:: For example, all dependencies should be resolved automatically by installation, and configuration should also be automated wherever possible.

• SSiimmppllee mmaaiinntteennaannccee:: Software updates and patches should be prepared and distributed without extra overhead to the users. Moreover, potential system disruption must be kept to a minimum during maintenance.

CCoonnttrroollllaabbiilliittyy aannddTTrraannssppaarreennccyyOnce an administrator introduces a newmanagement system that is required byan multi-domain project such asGDÉANT, they may want to know whatactually happens in the backgroundonce the system is operational andwhether the introduction of the newapplication causes any new security riskin their administered infrastructure.Moreover, operators have to ensure thatthe monitoring information collected andtransmitted over the networks to theexternal application does not conflictwith any information policy from theirown organizations. Such knowledgeenables operators to gain transparencyon what data is actually communicatedbetween data collecting and dataaggregating entities.

According to the experiences gainedduring past deployments of interdomainapplications [11], most target users wishto remain in control of management dataflows throughout the life cycle of acircuit. It is thus desired that, at atechnical level, administrators should becapable of controlling the data flow in amore active way.

MMuullttiimmooddaall AAcccceessssiibbiilliittyyThe system should enable its users toaccess their desired data in differentways. This not only allows users to havedifferent interfaces to access theapplication, such as either through web-based methods or command lineinterface (CLI); it also provides users withfeasibility to integrate the software intotheir own applications (e.g., with theirown home-brewed networkmanagement scripts). Since eachaccess model has its own advantagesand disadvantages, choices should begiven to users to select the accessmodel that is most suited to their needs.

CCIIRRCCUUIITTDDEESSCCRRIIPPTTIIOONNCircuit naming and description is animportant issue in a multidomainenvironment because identificationuniqueness must be ensured. Thissection presents a circuit descriptionmechanism using the four elementslisted below.

CCiirrccuuiitt IIddeennttiiffiieerr A circuit identifier (CID) uniquely identifiesa circuit. With the CID, clients can lookup information about the circuit in acircuit registration database. The formatof this identifier is a universal resourcename (URN) of the Global LambdaIntegrated Facility (GLIF) naming formatcontaining a domain name part and adomain-specific part, shown as follows:

MPMP MP

GUI

MA(at)

Analysis tool

Interdomain visualization

MAMP

MP MP

MAMP

MP MP

MA

hLS

gLS

hLShLS

FFiigguurree 22.. ppeerrffSSOONNAARR aarrcchhiitteeccttuurree

31

TECHNICAL INSIGHT

GGLLOOBBAALL--CCIIDD ==uurrnn::ooggff::nneettwwoorrkk::<<ssoouurrccee--ddoommaaiinn>>::<<llooccaall--ppaarrtt>><<llooccaall--ppaarrtt>> == <<ssoouurrccee--ddoommaaiinn--IIDD>>@@<<ttiimmeessttaammpp>>__rreess__<<sseeqquueennccee--nnuummbbeerr>>

CCiirrccuuiitt DDeessccrriippttoorr A circuit descriptor is used by aprovisioning system to track thereservation in all involved domains. Itcontains circuit information, such asbandwidth, source, destination,duration, and other like informationrelated to the circuit.

SSeeggmmeenntt IIddeennttiiffiieerrA segment identifier (SID) uniquelyidentifies a circuit segment, which isusually provisioned by a domain. Likethe CID, clients can look up informationabout the segment in a circuitregistration database. The format of thisidentifier is also a URN of the GLIFnaming format containing a domainname part and a domain-specific part,shown as follows:GGLLOOBBAALL--SSIIDD ==uurrnn::ooggff::nneettwwoorrkk::<<ddoommaaiinn--nnaammee>>::<<llooccaall--ppaarrtt>><<llooccaall--ppaarrtt>> == <<ssoouurrccee--ddoommaaiinn--IIDD>>@@<<ttiimmeessttaammpp>>__rreess__<<sseeqquueennccee--nnuumm-- bbeerr>>::<<ddoommaaiinn--IIDD>>

SSeeggmmeenntt DDeessccrriippttoorrA segment descriptor contains asequence of network elements selectedfor the reservation within a domain. Itcontains information of a circuitsegment, including bandwidth, ingressport, and egress port. Figure 3 depictsan example of a circuit consisting ofthree segments. According to the formatdescribed previously, the CID is:uurrnn::ooggff::nneettwwoorrkk::ddoommaaiinn__aa..nneett::DDOOMMAAIINN__AA@@ 112277558877220044__rreess__11and the SIDs are, respectively:uurrnn::ooggff::nneettwwoorrkk::ddoommaaiinn__aa..nneett::DDOOMMAAIINN__AA@@ 11227755998877220044__rreess__11::DDOOMMAAIINN__AAuurrnn::ooggff::nneettwwoorrkk::ddoommaaiinn__bb..nneett::DDOOMMAAIINN__AA@@ 11227755998877220044__rreess__11::DDOOMMAAIINN__BBuurrnn::ooggff::nneettwwoorrkk::ddoommaaiinn__cc..nneett::DDOOMMAAIINN__AA@@ 11227755998877220044__rreess__11::DDOOMMAAIINN__CC

CCIIRRCCUUIITTMMOONNIITTOORRIINNGGAARRCCHHIITTEECCTTUURREEFor static circuits, where theconfiguration rarely or never changes, asimple static monitoring architecture isenough. However, when circuits areprovisioned dynamically, the topology orresources of a circuit connecting twoend nodes may not always be the sameafter being reestablished. Different portsor even different network nodes may beused, even if the two ends remainunchanged. As a result, the addressesof corresponding measuring probes anddatabases will be different. Thearchitecture, therefore, should be able tohandle the changes dynamically.

CMon is designed to utilize servicesof perfSONAR to implement a flexibleand extensible solution for multidomaincircuit monitoring. But this principleshould not impede the development anddeployment of CMon in non-perfSONARdomains. Part of CMon directly interactswith the underlying CPS. This is due tothe fact that some CPSs are notintegrated with the perfSONAR platformas proposed in [12]. In this case, amiddle layer between the CMon and theCPS is required. Part of CMon directlyinteracts with data plane devices, whereperfSONAR is not covered.

A holistic view of the CMonarchitecture is shown in Fig. 4,consisting of three groups of functions:circuit provisioning functions from CPS,network monitoring functions fromperfSONAR, and circuit monitoringfunctions from CMon.

CCiirrccuuiitt PPrroovviissiioonniinnggFFuunnccttiioonnssA domain can have a different circuitprovisioning system from the others(e.g., OSCARS, AutoBAHN, andOpenNSA [13]), using the NetworkService Interface (NSI) protocol.However, regardless of the differencesbetween provisioning systems, threeelements are crucial from the circuitmonitoring perspective:

• The interdomain provider agent (IPA)provides interdomain-technology-agnostic functionality. It receives andprocesses high-level BoD reservation requests from users and other IPAs.

• The provider agent (PA) is responsible for intra-domain functionality. It receives the BoD reservation requests from the IPA, searches for a proper path within thedomain, and handles signaling to/from the data plane.

• The network resource manager (NRM) owns a particular set of transport resources and is responsible for authorizing and managing the use of these resources.

NNeettwwoorrkk MMoonniittoorriinnggFFuunnccttiioonnssperfSONAR has several functions thatare used by CMon (i.e., MA and LS)already described.

CCiirrccuuiitt MMoonniittoorriinnggFFuunnccttiioonnssFor circuit monitoring, additionalfunctions are required that focus onbinding the monitoring service to theunderlying circuit provisioning system toensure that data measurements, as wellas circuit reservation and terminationinformation, is collected. These tasks are provided by:

• CMon Headquarters (HQ) is the function responsible for gluing the circuit provisioning system and the network monitoring system, and gathering the measurement data of circuits. As mentioned previously, an extra layer, CMon-CPS, is introducedbetween CMon and the CPS. Although such cross-layer architecture limits the flexibility of the system, it is a relatively quick way to implement circuit monitoring. Considering future evolution, two sub-functions are created so that they can be separated easily, allowing the system to convert to a layered structure in the future. These two sub-functions are:• HQ-monitoring manager (HQ-MM)

is responsible for collecting and storing measurement data from either CMon agents (AGTs) or MAs.

• HQ-integration function (HQ-IF) is responsible for interfacing with theCPS to fetch circuits’ establishment and teardown information. Also, this function registers itself in the LS so that it can be searched by other perfSONAR parties.

• AGT is responsible for gathering monitoring data from either an MA or already existing monitoring proxies and sending the data in a formatted XML file to HQ periodically. SNMP traps from the data plane should alsobe handled directly by the AGT.

SID(a) = urn:ogf:network: domain_a.net: DOMAIN_A@127587204_res_1:DOMAIN_ASID(b) = urn:ogf:network: domain_b.net: DOMAIN_A@127587204_res_1:DOMAIN_BSID(c) = urn:ogf:network: domain_c.net: DOMAIN_A@127587204_res_1:DOMAIN_C

CID(a) = urn:ogf:network: domain_a.net: DOMAIN_A@127587204_res_1

Domain A Domain B Domain C

FFiigguurree 33.. CCiirrccuuiitt iiddeennttiififieerr aanndd sseeggmmeenntt iiddeennttiififieerr

32 CONNECT ISSUE 16 JULY 2014

TECHNICAL INSIGHT

CCOOMMMMUUNNIICCAATTIIOONNPPRROOTTOOCCOOLLBased on the architecture described,the communication workflow of differentfunctions is further presented in thissection.

The whole circuit monitoringprocess is divided into three phases:circuit notification, circuit monitoring, andcircuit termination. In addition to themonitoring procedures, all services (e.g.,MA and AGT) should constantlymaintain their registrations in the hLS intheir own domain.

CCiirrccuuiitt NNoottiiffiiccaattiioonn PPhhaasseeThe circuit notification phase starts fromthe time a circuit request is initiated untilthe circuit is successfully establishedand ready to carry traffic. In this phase,the circuit metadata (circuit descriptorand segment descriptor), describedearlier, are generated, and the HQ mustreceive it in order to fetch themeasurement data later on in the circuitmonitoring phase.

Each IPA sends the circuit descriptorand the segment descriptor in a circuitrequest message (CRM) to the HQ withestablishment information. (Informationis pushed to the HQ by the IPA). The HQcontacts the hLS and uses theinformation contained in the segmentdescriptor to obtain the addresses of theAGT that is available in the domain, andrelevant to the monitored circuit and itsparameters. Upon receiving theaddresses of the AGTs, the HQ sendsbegin commands to the AGTs in eachdomain, and each AGT responds with a200 OK message.

CCiirrccuuiitt MMoonniittoorriinngg PPhhaasseeThe circuit monitoring phase starts fromthe time the circuit is successfullyestablished and the AGT in each domainis ready to collect measurement datauntil a circuit termination command isinitiated either manually or automaticallyin the CPS. In this phase, live and historymeasurement data are provided.

After confirming the successfulreception of the begin command, eachAGT begins to periodically fetchmonitoring data from the local system(i.e., either the third-party monitoringproxy or the local MA, or directly fromthe devices). Alternatively, SNMP trapscan be set up in the data plane so that anetwork failure event can immediately bereported to the AGT and furtherforwarded to the HQ to raise alarms.

CCiirrccuuiitt TTeerrmmiinnaattiioonn PPhhaasseeAn established circuit should be able tobe terminated manually or automaticallywhen the reservation time has passed.Either way, the IPA should send a circuittermination message (CTM) to the HQ,indicating that the circuit is no longervalid or active.

Each IPA sends a CTM containingnecessary circuit and segmentdescriptors information to the HQ withtermination information. (Information ispushed to the HQ by the IPA.) The HQresponds to each IPA with a 200 OKmessage. The HQ sends an endcommand to each AGT related to thecircuit to stop fetching the monitoringdata of this circuit.

DDEESSIIGGNN AANNDDIIMMPPLLEEMMEENNTTAATTIIOONNThis section focuses on the softwaredesign and implementation of CMonand the current development status.

SSooffttwwaarree DDeessiiggnnFunctionalities of CMon can be logicallycategorized into three layers:presentation/rendering, business logic,and information exchange . As illustratedin Fig. 5, all major functionalities andinformation flows are organized at thesethree layers, listed below.

PPrreesseennttaattiioonn//RReennddeerriinnggIt is responsible for rendering monitoringdata in user-friendly and easy-to-comprehend ways. In Fig. 5, aweb-based front-end is taken as anexample for the representation ofaggregated monitoring data so thatusers can get access to their desireddata with a web browser. Administratorsof the interdomain monitoring service arealso capable of configuring andmodifying necessary system parametersthrough this layer. A CLI is provided as

an integral part of the CMon system.Multiple ways of presentation data meetthe multimodal accessibility requirementdiscussed earlier.

BBuussiinneessss LLooggiiccThe core part of CMon is the businesslogic layer, which performs actual dataprocessing and storage operations. Itcontrols scheduled queries of distributedmonitoring data. As explained earlier,once a circuit is created, acorresponding monitoring data objectmust be created on the fly so that userscan access information almost instantly.

To serve this purpose, CMoncomputes a set of nodes through whichthe established circuit traverses, andconfigures the individual metadata foreach circuit (e.g., pulling intervals forquery scheduling). Once a circuit isterminated, its corresponding monitoringdata objects are automaticallydeactivated so that no related data willbe further pulled from the participatingnodes. This design approach considersthe flexibility requirement stated earlier.

IInnffoorrmmaattiioonn EExxcchhaannggee Information exchange preparesincoming and outgoing data into properformats that can be comprehended byexternal data acquiring entities. Theseinclude queries and results exchangedbetween CMon and distributed datacollecting entities (e.g., MA/MP).Moreover, a communication manager(noted as CommManager in Fig. 5) isresponsible for conductingcommunications with distributed datacollecting entities with the prepared data.

GUI(Graphical User Interface)

Database

HQ(Headquarters)

AGT(Agent)

MA(Measurement

Archive)

LS(Lookup Service)

CPS (Circuit Provisioning

System)

IPA (Inter-domain Provider Agent)

MP(Measurement

Point)

Data Plane

Third-party Monitoring Proxy

FFiigguurree 44.. CCiirrccuuiitt mmoonniittoorriinngg aarrcchhiitteeccttuurree

33

TECHNICAL INSIGHT

The implementation of CMon alsoincludes a lightweight data collectingagent, AGT, which can be appliedindependent from the MA. With thisimplementation, administrators at a localNREN can easily register their datacollecting agents with the central CMonserver (i.e. HQ) and remain in full controlof monitoring data flow. Thiscomplementary implementation makesCMon itself more flexible, independent,and self-contained, while it continues tosupport the perfSONAR MA/MP. Thisdesign addresses the simplicity andcontrollability requirements mentionedearlier.

Note that all data communicationsbetween participating components areencrypted and authenticated usingdigitally signed certificates as required.

IImmpplleemmeennttaattiioonn aannddCCuurrrreenntt DDeevveellooppmmeennttSSttaattuussThe CMon system is currentlyimplemented with Python for itssimplicity, flexibility, and rich libraries.With those properties the systemdevelopment efforts can be focused onthe business logics and can be done ina highly efficient fashion. Communicationbetween distributed subsystems usesJavaScript object notation (JSON)-based data objects, in which all queries,data exchanges, and remote procedurecalls (RPCs) are encapsulated andtransmitted over networks. As previouslystated, data exchanges are all encryptedto ensure security.

In the background, a JSON-baseddatabase is used for the persistentstorage of monitoring data. For theserver to store monitoring data obtainedfrom distributed monitoring entities, verylittle processing effort is required since alldata is transported over networks in theJSON format.

Acquisition of monitoring data isrealized by calls of remote procedurespublished by servers in forms of stubs.In the actual implementations, both dataacquisition sites (HQ and AGT) and dataproviding sites (MA/MP) publish theiressential functions as RPC stubs, whichcan be called by the other party withoutrevealing implementation details. Forexample, a data acquisition site can pullmonitoring data from various datacollecting sites by parameterized callingof the proper stubs to query desiredSNMP data on the remote devices.

CCOONNCCLLUUSSIIOONNThis article has introduced amultidomain circuit monitoring system,CMon, using services of GÉANTPerformance Focused Service OrientedNetwork Monitoring ArchitectureMultidomain Monitoring (perfSONARMDM). The architecture provides thebest flexibility and extensibility to adaptto either further changes in the circuitprovisioning systems or the expansion ofthe NREN community. As an on-demand circuit is provisioned, anotification message including circuitmetadata is sent to CMon from theCPS. Furthermore, CMon looks up theaddresses of the measurement probesrelated to the provisioned circuit (i.e.,AGTs and MAs) in the hLS. Once theaddresses are obtained, CMon beginsto query the probes for measurementdata, and then presents the data to itsusers and network administrators. Byusing measurement federations, circuitmonitoring in a multidomain environmentthus becomes efficient and beneficial toits users. The future research anddevelopment plan will focus on areassuch as more approachable userinterfaces, data verification and accesscontrol, and multi-HQ scalability.

RREEFFEERREENNCCEESS[1] J. Lukasik, “Autobahn Overview,” 2011, http://geant3.archive.geant.net/

service/autobahn/Resources/Pages/ Resources.aspx.[2] C. Guok et al., “Intra and interdomain Circuit Provisioning Using the

Oscars Reservation System,” 3rd Int’l. Conf. Broadband Commun., Networks and Systems, 2006, Oct. 2006.

[3] J. Tanaka et al., “Field Demonstration of Dynamic Circuit Provisioning by Web Services Interface Proxy for Lambda and Ethernet Based Administrative Domains,” Commun. and Photonics Conf. and Exhibition, Asia, Dec. 2010.

[4] D. Colle et al., “Enabling High Availability over Multiple Optical Networks,” IEEE Commun. Mag., vol. 46, 2008, pp. 120–26.

[5] E. Boschi et al., “Intermon: An Architecture for Inter- Domain Monitoring, Modelling and Simulation,” NETWORKING ’05, Jan. 2005.

[6] P. Morand et al., “Final Specication of Protocols and Algorithms for Inter-Domain SLS Management and Traffic Engineering for Qos-Based IP Service Delivery,” Del. D1.3, MESCAL, June 2005.

[7] A. Mehaoua et al., “Service-Driven Inter-Domain QoS Monitoring System for Large-Scale IP and DVB Networks,” Comp. Commun., vol. 29, 2006, pp. 1687–95.

[8] A. Belghith et al., “Proposal for the Configuration of Multi-Domain Network Monitoring Architecture,” 2011 Int’l. Conf. Info. Networking, Jan. 2011.

[9] J. V. M. Kar asek, J. Radil, “Optical Amplifiers in Czechlight & cesnet2,” www.ces.net/events/20050516/.

[10] J. Zurawski and A. Brown, “perfsonar Introduction,” Feb. 2011, http://www.internet2.edu/workshops/npw/ materials/WJT2011/20110202-NPW-pS-Introduction.pdf.

[11] M. Yampolskiy and M. K. Hamm, “Management of Multidomain End-to-End Links — A Federated Approach for the Pan-European Research Network GÉANT 2,” 10th IFIP/IEEE Int’l. Symp. IEEE Integrated Network Management, 2007, IM’07, 2007, pp. 189–98.

[12] J. Gutkowski, R. Lapacz, and J. Lukasik, “Autobahn and perfsonar Integration, Circuit Monitoring,” Apr. 2011, http://www.geant.net/Media Centre/Media Library/MediaLibrary/AutoBAHN-perfSONAR-integration- spec-1.0.pdf.

[13] OpenNSA, 2013, github.com/jeroenh/OpenNSA

BBIIOOGGRRAAPPHHIIEESSHHAAOO YYUU (haoyu@fotonik.dtu.dk) received M.Sc. and Ph.D. degrees from theTechnical University of Denmark, in 2007 and 2011, respectively. He is currentlyworking as a post- doc at the Technical University of Denmark. His researchinterests include interdomain network management, software-definednetworking, future Internet architecture, multicast for high-speed switches,traffic management in carrier Ethernet, the control plane for next generationnetworks (NGN), IPTV service, and related applications in IMS and NGN.FFEENNGG LLIIUU (feng.liu@lrz.de) is a senior researcher at Leibniz SupercomputingCentre (LRZ) of the Bavarian Academy of Sciences and Humanities, Munich,Germany. He received his Ph.D. in computer science from Ludwig-Maximilians-Universität München (LMU) and his M.S. (Dipl. - Inf.) from TUClausthal, Germany. His research interests include inter-domain networkmanagement systems, SDN, cloud computing, and network virtualizationtechnologies. He is also interested in applying data mining, machinelearning, and other AI techniques to network management.SSUUSSAANNNNEE NNAAEEGGEELLEE--JJAACCKKSSOONN (susanne.naegele-jackson@fau.de)graduated with an M.Sc. in computer science from Western KentuckyUniversity and the University of Ulm, Germany. She received her Ph.D. (Dr.-Ing.)from the University of Erlangen-Nuremberg in 2006 and has worked at theRegional Computing Center of the Universi- ty of Erlangen-Nuremberg since1998 on a variety of national and international research projects such as GTB,Uni-TV, VIOLA, MUPBED, EGEE-III, GN3, FEDERICA, NOVI, and GN3plus.TTAANNGGUUII CCOOUULLOOUUAARRNN (tacou@dtu.dk), Ph.D., works at the TechnicalUniversity of Denmark for the Danish e-Infrastructure Cooperation (DeIC). Hemanages the GÉANT Bandwidth-on-Demand Service co-offered by severalNRENs at the European level.TTRRUUPPTTII KKUULLKKAARRNNII (trupti.kulkarni@dante.net) joined DANTE in April 2009.She is a senior software engineer, and has been responsible for design,development, and maintenance of various applications used for inventorymanagement and monitoring of the GÉANT network. She has a Bachelor’sdegree in computer science and engineering.WWOOLLFFGGAANNGG HHOOMMMMEELL (wolfgang.hommel@lrz.de) is head of thecommunication networks planning group at the Leibniz SupercomputingCentre of the Bavarian Academy of Sciences and Humanities. He studiedcomputer science at Technische Universität München and has a Ph.D. aswell as a postdoctoral lecture qualification from Ludwig-Maximilians-Universität, Munich, Germany. His research, for which he was granted the KarlThiemig Foundation’s Young Academics Award in 2011, focuses on networkmanagement in complex large-scale and interorganizational scenarios.JJOOSSVVAA KKLLEEIISSTT (kleist@nordunet.net) holds a Ph.D. and M.Sc. in computerscience, and is coordinating the design and implementation of NORDUnetdevelopment projects, including NORDUnet activities within the GÉANTprojects. He joined NORDUnet in 2006 and worked as an NDGF softwarecoordinator until the end of 2010, and was one of the main drivers behind theNordic distributed WLCG Tier-1. He came to NORDUnet from AalborgUniversity, where he held a position as associate professor in computer science.LLAARRSS DDIITTTTMMAANNNN (ladit@fotonik.dtu.dk) received his M.Sc.E.E. and Ph.D.from the Technical University of Denmark (DTU) in 1988 and 1994. He is aprofessor at DTU within the area of integrated network. He is leading aresearch group on network technology and service platforms, and is also thecluster leader (defining the overall research strategy) for about 85researchers in the area of communication technology.

Presentation/rendering Business logic Information exchange

WebServer

DataBridge

CommManager

CommonParser

Createwebpage

Computelink set

<<datastore>>CommonDB

Link updatemanager

Querymonitoringinformation

Presentresults in

HTML

Changesystem

parameters

<<!ow>>

Determine linksto be updated

Create webpage asresults

Send queryto MA/MP

for updatesSendupdatequery

Wrapmessage

Determinelinks to be

queried Compose DBquery

Query DB

Client

Admin

<<!ow>>

<<!ow>>

FFiigguurree 55.. DDyynnaammiicc vviieeww ooff CCMMoonn

34 CONNECT ISSUE 16 JULY 2014

COMMUNITY NEWS

THE 2014 ARNES CONFERENCE– AN EXCHANGE OF KNOWLEDGE AND IDEAS

New ways of teachingproposed by the EuropeanCommission through theOpening Up Education

initiative are introducing numerousnew approaches, both from theperspective of using technology ineducation and to the concept ofteaching itself. The main goal of thisinitiative is to provide learningenvironments and content that will beavailable to all. At this year’s ARNESConference, which took place inKranjska Gora on 28 May 2014, wehave thus focused on solutions thatfacilitate the open exchange ofknowledge.

The event was an opportunity tohost experts in various fields closelyrelated to the educational process. Atthe keynote, we introduced aNorwegian pilot model for secure e-testing of knowledge which has seenthe participation of all Norwegianuniversities. Special attention was alsogiven to e-education at Slovenianuniversities.

In line with these trends, theconference continued with apresentation on Massive Open Online

Courses (MOOCs), which have beenbringing education to all that desire it,both in Europe and beyond. We hadthe honour of hosting a representativeof one of the leading European highereducation environments, iversiti.org,who explained the MOOC platform ofEurope’s largest provider of freemassive online education from atechnical perspective. We also had theopportunity to see how these kinds ofcourses work in Croatia and what isbeing done in this field in Slovenia.

The next sessions delved into thecurrent challenges of the entireeducation and research vertical inSlovenia. We introduced varioussolutions which can assist the user ineveryday tasks and some content forthe technically most demandingattendees – people who view advancedinformation and communicationstechnology as a personal challenge.

This year’s ARNES Conference,which was once again successfully heldwithin the framework of the SIRiktinternational multiconference, is over,but new challenges and new ideasalready await at the autumn Networkof Knowledge Conference.

Maja Vreča has worked at Arnes since 1995. She currently she works head ofuser support and as a team member of the Safer Internet Center SAFE-SI.

35

COMMUNITY NEWS

EDUROAM EXTENDS CONNECTIVITY TO NHSHEALTHCARE STUDENTS NOWBENEFIT FROM BANDWIDTH ‘IN THE FIELD’Ed Wincott, eduroam(UK) service manager at Janet, part of Jisc,which provides eduroam national services in the UK

“visited service” and, if policy allows,possibly a home service too (currentlyonly those users involved in researchand education are eligible).

The benefits of extending eduroamconnectivity to NHS premises is a vitalstep to ensuring that UK clinicalstudents and researchers can continueto benefit from a high-speed, reliableconnection, wherever they study.

Students studying medicine,dentistry, nursing and clinicalresearchers spend a significanttime in hospitals and on-site in

NHS services. Although nearly all UKuniversities use Jisc supportededuroam® for guest network access,clinical students and researchers canmiss out on easy connectivity when “inthe field”. In fact, the NHS has typicallyless bandwidth available and morelimited user access.

In large cities where the bigteaching hospitals are often very closeto the partner university campus, thelocally agreed solution has often beento extend the university eduroamfootprint through the hospital’swireless network. Both theauthentication and resulting networkaccess traffic is routed through a localfirewalled link from the hospital to thepartner university.

There are some hospitals that aremore distant from a main universitycampus so a local link to supporteduroam is not cost effective. TheUniversity of Bristol found analternative approach to extending theeduroam footprint. They managed theauthentication process on behalf ofWeston-Super-Mare hospital (via atunnel between the national NHSnetwork N3 and Jisc’s education andresearch network Janet) while thehospital provided the connection to theinternet. After a successful pilot year,this model is now being explored by

similar hospitals with their universitypartners.

The advantages of eduroam to thehealth service community are clear.The South London and Maudsley NHSFoundation Trust, part of the King’sHealth Partners Academic HealthScience Centre, has joined the eduroamfederation in its own right. Thisapproach could be used by other NHSorganisations as a way of providing the

36 CONNECT ISSUE 16 JULY 2014

COMMUNITY NEWS

GÉANT REACHES AGLOBAL AUDIENCETHROUGH TNC2014During this year’s TERENA Networking Conference (TNC2014), as in previousyears, GÉANT sponsored a ‘distributed workshop’: sixteen presentations on a variety of topics related to the project were embedded in the conferencesessions. With TNC attracting ever more participants from around the world,these GÉANT presentations truly reached a global audience.

37

COMMUNITY NEWS

WordsLaura Durnford,SeniorCommunicationsOfficer, TERENA

In line with the theme ofTNC2014 - 'Networking with theworld' - participation byindividuals and organisations

from outside Europe was the highestyet. More than 660 people from 55countries attended the event in Dublinfrom 19-22 May. 18 percent of speakersand around 45 percent of participantswere from world regions outsideEurope. Remote participation alsoincreased compared with previousyears, with almost 3,000 peoplearound the world viewing live sessionstreams online.

TNC is the largest and mostprestigious European research andeducation networking conference, andparticipants include decision makers,network specialists and managers fromall major European networking andresearch organisations, universities,worldwide sister institutions andindustry representatives. Throughkeynote speeches by renowned

specialists, many parallel sessions,lightning talks, cutting-edgedemonstrations and numerous sidemeetings, TNC presents an overview ofthe latest developments in researchand education networking, both intechnical fields and in the areas ofapplication and management.

Topics withoutboundariesEvery year, TNC is packed withsessions that discuss a wide variety oftopics that are relevant to research andeducation (networking) around theworld. At TNC2014, keynote speakersJelmer Evers (UniC, NL), Tracy Futhey(Duke University, USA) and LordDavid Puttnam (UK) called on theTNC2014 participants to engage withthe challenges and requirementsrelated to technology in education andlearning, while Barend Mons(Netherlands Bioinformatics Centre,NL) called for data stewardship to beincluded in future research projects,Stephen Farrell (Trinity CollegeDublin, IE) issued a call to armsagainst pervasive monitoring, andMartyn Dade-Robertson (NewcastleUniversity, UK) presented data art.Other topics included ‘the globaluniversity’, cloud services andfederated identity for research andeducation.

Cross-continentalsignificancelThe growth in TNC’s cross-continentalattraction is evident from the fact that,for the past two years, the research andeducation networking organisation foreastern and southern Africa -UbuntuNet Alliance - has proactivelysought to send representatives fromnational R&E networkingorganisations to the conference. TheTNC2014 delegates therefore includednetwork engineers from RENU(Uganda) and MoRENet(Mozambique). “The chemistry ofperson to person contact is thestrongest glue of any community ofpractice,” explained Tusu Tusubira, CEO of Ubuntunet.“TNC is literally a global human cross-roads where our upcoming engineersand researchers can build such bondswith people who are passionate aboutthe practice of research and educationnetworking and its advancement aswell as the consequent humandevelopment opportunities andbenefits it entails.”

ASREN (Arab States Research andEducation Network) made anannouncement at TNC2014 that thefirst Points of Presence (PoPs) in thepan-Arab network had been opened, inLondon and Fujairah, in cooperationwith the EUMEDCONNECT3 project.Yousef Torman (ASREN) and AhmedDabbagh (Khalifa University) chose todisclose the news at TNC because “atASREN, we count on TNC as one of themost important venues for networkingamong experts, researchers,networkers, technologists andscientists from all over the world.”

GÉANT presenceAmong the highest rated TNC2014sessions were 5-minute ‘lightning talks’and a session about advancednetworking. The former includedpresentations about the GÉANT GreenTeam’s Shared EnvironmentalSustainability Policy Template forNRENs and an overview of theFederation-as-a-Service solution tolowering the technology barrier forNRENs and other interested groups inbuilding their Identity federation andusing the eduGAIN service. Theadvanced networking session includedan introduction to CoCo, theCommunity Connection service, whichis one of the GÉANT Open Call projectsrunning from October 2013 until April2015.

FurtherinformationTNC2014 was organised byTERENA and hosted by HEAnet,Ireland’s national education andresearch network. More aboutTERENA: www.terena.orgMore about HEAnet:www.heanet.ie

TNC2014 slides and papers can bedownloaded by clicking on therelevant session via:http://tnc2014.terena.org/schedule. Archived session videostreams and video interviews withkeynote speakers are available onwww.youtube.com/user/TERENATube/tnc2014.

TNC2015 will be hosted by FCT-FCCN in Porto, Portugal from15-18 June 2015:https://tnc2015.terena.org.

38 CONNECT ISSUE 16 JULY 2014

COMMUNITY NEWS

CERN PROVIDES SINGLELOGIN TO RESEARCH INSTITUTIONS THROUGHSWITCHaai AND EDUGAINLARGE SCALE RESEARCH COLLABORATIONSWILL BENEFIT FROM SIMPLIFIED ACCESS TO ONLINE SERVICES

39

COMMUNITY NEWS

PictureResearchers at CERN

CERN is now usingSWITCHaai to simplify accessto online services. SWITCH’sstandardised authentication

process allows certain CERN membersof personnel to use the online servicesof affiliated research institutions anduniversities more easily. TheAuthentication and AuthorisationInfrastructure (AAI) connectsresearchers around the world with a single login.

The AAI login is available at almostall Swiss universities. It has clearlyenhanced Switzerland’s standing as aresearch location by improving processefficiency. CERN recently signed anagreement with SWITCH this month touse SWITCHaai. "Internationalcollaboration plays an essential role inour scientific activities," says FrédéricHemmer, head of CERN ITdepartment. "Joining the SWITCHaaifederation is an important step as ourcommunity will be able to connect in

an easier way to our services andresources thanks to the use of a singleset of access credentials."

A single login forglobal accessThe cooperation with SWITCH linksthe world-leading research centre’semployees up to eduGAIN, theinterfederation service provided as partof the pan-European GÉANT project.This means that CERN collaborators allover the world can access CERN’sonline services using their homeinstitution’s login account. In addition,certain CERN members of personnelcan access selected services providedby other institutions via the nationalAAI federations participating ineduGAIN. "SWITCH is convinced thatfederated identity is highly beneficial tothe sort of large-scale scientificcollaborations and projects that havebeen typical in particle physics over thepast decades," says Christoph Witzig,Head of Central ICT Providers, theSWITCH unit responsible foridentification services in the Swisshigher education sector. "SWITCH isdelighted by CERN’s decision to jointhe SWITCHaai Federation and looksforward to working with it in this area."

SWITCHaai:straightforward and efficientAll members of the AAI Federation,including major universities,universities of applied sciences andother educational institutions, use thesame standard to validate access totheir password-protected services andresources. With a single user name andpassword, the institution’s AAI login,users can access a range of e-learningsystems and web applications providedby all participating universities inSwitzerland. This reduces theadministrative workload for theuniversities and enables them to maketheir teaching content available to abroader academic audience. Similarinfrastructures are being developedaround the world.

About SWITCHaaiSWITCH service giving universitymembers access to various e-learningsystems and web applications providedby all participating universities inSwitzerland using a single user nameand login belonging to their university.Some 390,000 users at 55 participatinginstitutions can use more than 770services registered with SWITCHaai.

40 CONNECT ISSUE 16 JULY 2014

GLOBAL NEWS

NNEEWW RR&&EE NNEETTWWOORRKK HHUUBBFFOORR TTHHEE GGUULLFF RREEGGIIOONN TTOO BBEE LLAAUUNNCCHHEEDD IINN FFUUJJAAIIRRAAHH,, UUAAEE

Europe to AGE-OX. Currently there isno such connectivity in place betweenGÉANT and UAE.

Please contact David West atdavid.west@dante.net if you areaware of any user institutions withremote campuses in UAE (e.g. Dubai,Abu Dhabi)

As announced at TNC2014 anew R&E internet exchangepoint is being established inUAE at Fujairah by the local

NREN Ankabut and ASREN (the Arabregional R&E networking organisation),expected to be operational Q4 2014.

Known as ‘Arabian GlobalEducational Open Exchange’ (AGE-

OX), the PoP is likely to see New YorkUniversity’s remote site in UAE as itsfirst user. Following a surveyconducted in 2013 by the InternationalRelations team, DANTE is aware thatmany European universities haveremote campuses in UAE and isgauging the interest with the GÉANTcommunity in R&E connectivity from

WordsHelga Spitaler,SeniorCommunicationsOfficer, DANTE

By Tom Fryer, Senior International Relations Officer, DANTE and Helga Spitaler, Senior Communications Officer, DANTE

GGLLOOBBAALL NNEEWWSS

41

GLOBAL NEWS

TThhee OORRIIEENNTTpplluuss pprroojjeecctt mmaaiinnttaaiinnss aanndd ddeevveellooppss rreesseeaarrcchh aannddeedduuccaattiioonn lliinnkkss bbeettwweeeenn GGÉÉAANNTT aanndd CChhiinnaa.. HHeerree iiss aa vviissuuaalliissaattiioonn oofftthhee ffaaccttss,, ffiigguurreess aanndd iimmppaacctt ooff tthhee pprroojjeecctt,, wwhhiicchh pprroovviiddeess eesssseennttiiaallbbaannddwwiiddtthh ffoorr aallll ccoollllaabboorraattiinngg EEuurrooppeeaann aanndd CChhiinneessee rreesseeaarrcchheerrss..

42 CONNECT ISSUE 16 JULY 2014

GLOBAL NEWS

CCLLAARRAA RREECCOOGGNNIISSEESS KKEEYYPPLLAAYYEERRSS IINN FFOOUUNNDDIINNGGOOFF RREEDDCCLLAARRAA

The other individuals recognisedwere: Ida Holz (RAU, Uruguay), LuisFurlán (RAGIE, Guatemala), NelsonSimoes (RNP, Brazil), Rafael Ibarra(RAICES, El Salvador), Carlos Casasús(CUDI, Mexico), Florencio Utreras(CLARA, Latin America), MarioCampolargo (European Commission),Elena Villar Pascual (EuropeanCommission).

On 10th June 2003 in Vallede Bravo, Mexico, thestatutes for the CLARA(Latin American

Cooperation for Advanced Networks)organisation were signed, and with itthe success story of the LatinAmerican R&E network, RedCLARA,took root. Eleven years later, in May2014, the RedCLARA communityreturned to Mexico, this time toCancun with its azure-coloured watersfor its annual TICAL (Latin AmericaICT) conference and RedCLARAmeetings. In the closing session of theTICAL conference, which this year sawa record participation of over 400

people, the audience was taken backeleven years to the beginnings ofRedCLARA and public recognitionwas given to the people who workedtirelessly in 2003 to make RedCLARAa reality. Among those recognised andpresented with a framed photo fromthe statutes-signing meeting, wasDANTE and GÉANT’s Cathrin Stöver,who was project manager of the firstEC-co-funded ALICE (Latin AmericaInterconnected with Europe) project.Though unable to attend in person,Cathrin expressed her gratitudethrough a message to the audience,and congratulated RedCLARA on itssuccesses.

WordsTom Fryer,SeniorInternationalRelations Officer,DANTE

For more information onRedCLARA, visitwww.redclara.net

43

GLOBAL NEWS

GGLLOOBBAALL SSEERRVVIICCEE CCOOLLLLAABBOORRAATTIIOONN:: RRAAIISSEEDD PPRROOFFIILLEE AATT IINNTTEERRNNAATTIIOONNAALL MMEEEETTIINNGGSS

GÉANT, HEAnet, RNP (the BrazilianNREN) the TEIN Community and theUbuntuNet Alliance, chaired by AnnaHunsinger of Internet2. A week later inCancún, Mexico, RedCLARA’s annualTICAL conference for ICT directors ofLatin American universities enjoyed apanel session with Niels Hersoug(GÉANT), Florencio Utreras(RedCLARA) and Shelton Waggener(Internet2) who discussed the future ofNRENs and how the R&E networkingcommunity will need to interact inorder to meet the future service needsof all. The theme continued at theUbuntuNet Alliance meeting held inEntebbe, Uganda, at the beginning ofJuly with a session devoted to sharedservices.

It would be difficult to summarise ina few lines the many thoughts sharedin these discussions, but one conceptdid seem to arise time and again frommany of the participants, and that isthat there is a strong need for networksaround the world to share not only theirexperiences with services, but also toexplore ways and discuss howservices and collaboration tools canbe shared and made available to usergroups across the world.

Research collaboration isincreasingly global in natureand the fact that GÉANT’sconnectivity to other world

regions has grown apace in recentyears is a reflection of this. Forinstance, since March 2012, GÉANT’sglobal links for production IP traffichave increased by 50% from justunder 73Gbps to just over 110Gbps,the most recent increase in capacityresulting from a doubling of capacityto RedCLARA in Latin America with anew link of 5Gbps.

However, connectivity alone is notsufficient to provide for the needs ofresearch groups spread around theglobe. Services such as eduroam®and eduGAIN are increasing theirglobal reach, enabling wider access to connectivity and on-line services.Tools such as perfSONAR enablenetworking engineers to identify whereperformance issues lie so that theycan be resolved as quickly aspossible, improving the reliability of thenetwork. Bandwidth on demandmakes it possible to provision therequired capacity as and when it isneeded.

Users however require additionaltools and services which enable them

to carry out their day-to-day work moreefficiently and easily. Tools such ascost-effective and user-friendly web-conferencing and other real-timecollaboration tools are highlydesirable, as are file storage andtransfer tools.

As a result efforts are being madeto provide such tools for end users, insome cases by individual universities,in others by NRENs and regionalnetworks. In order to make best use ofresources and expertise, significantefforts already exist to co-developstandards and make tools available,examples include the EC-fundedELCIRA (Europe Latin AmericaCollaborative e-Infrastructure forResearch Activities), and focus groupsof the CEO Forum such as the GlobalVideo Alliance and Global ServiceDelivery groups.

This increased global interest insharing experiences and tools, andworking together on standards andimplementations, has been reflected atthree recent international R&Enetworking events. The TNC2014 inDublin in June this year saw a paneldiscussion entitled “GlobalCollaboration Makes Us Stronger”involving representatives from the

WordsTom Fryer,SeniorInternationalRelations Officer,DANTE

FFIIFFAA WWOORRLLDD CCUUPP IINN 88KK::LLAARRGGEE SSPPOORRTTIINNGGEEVVEENNTTSS TTRRIIGGGGEERRIINNGGNNEETTWWOORRKK RREESSEEAARRCCHH

44 CONNECT ISSUE 16 JULY 2014

GLOBAL NEWS

television media prevents 8K signalsfrom being transmitted over longdistances. This is why this projectdepended on the technologicalsupport of NTT Network InnovationLabs (Nippon Telegraph andTelephone Corp.), RNP (Brazil’s R&Enetwork) and other research networksin Latin America, the USA and Japan.

Altogether, 9 matches wereselected by NHK for live streaming in8K, starting with the first Japan game(Japan vs. Ivory Coast in Recife onJune 14th) and concluding the show

Between June 14th and July13th 2014, while the soccerballs were rolling in Brazilianstadiums, Research &

Education networks played animportant role in providing publicviewing of live TV images of the FIFAWorld Cup in 8K resolution (7680 x4320 pixels) in Japan. The hugedistance between Brazil and Japan,half a world apart, sets new challengesfor streaming digital images spanningmultiple domains over long-distancenetworks.

The project is led by the Japanesepublic television company, NHK,which since their coverage of the 2012London Olympic Games isexperimenting with and improving itsnew 8K streaming technology(branded “Super Hi-Vision” or SHV).NHK technology is currently able tocompress SHV video flows at 60frames per second to 300Mbps IPformat. The same video in anuncompressed fashion would requirealmost 24 Gbps to be streamed. Thecurrent state of the art of digital

WordsLeandro Ciuffoand MichaelStanton, RNP,Brazil HisaoUose andTatsuya Fujii,NTT InnovationLabs, JapanShinichiSakaida, NHKLabs, Japan

45

GLOBAL NEWS

with the World Cup final betweenArgentina and Germany in Rio deJaneiro on July 13th. The selection ofgames took into consideration thelogistics of moving the NHK outsidebroadcast vehicle containing the 8Kcapture and editing equipmentbetween the hosting cities in Brazil.

All matches were first streamed tothe FIFA´s International BroadcastCenter (IBC), regardless the locationof the stadium. The IBC was located inthe Riocentro – a big conference andexposition centre in Rio de Janeiro –and the FIFA communications networkthat interconnects all stadiums to theIBC was provided by the Braziliantelecommunications company,Telebras.

From the IBC, the 8K signal wasstreamed to the RNP Point of Presence(PoP) in Rio, using RNP´s ownmetropolitan network. From there, itwas streamed to Tokyo using three ofthe five redundant international routesthat have been configured, as shownin the map.

To create a securecommunications path suitable for 8Kvideo transmission over multiple IPnetworks, NTT applied a very powerfulforward error correction (LDGM-FEC)technology using a block size of150,000 packets with 20%redundancy combined with the multi-

path transmission scheme. Thoseadded redundancies can eliminateerrors such as black-out or blockartifacts on the screen, even when allpaths but one are disconnected andthe loss of 20,000 successive packetsoccurs in the remaining path.

The games in 8K were streamedlive to 7 viewing sites, 4 in Japan, inthe cities of Tokyo, Yokohama, Osakaand Tokushima, and 3 in Rio, at theIBC, the Sofitel hotel (one of thoseused by FIFA) and the auditorium ofthe Brazilian Centre for PhysicsResearch (CBPF). This latter venuehosted viewing sessions organised incooperation with the Brazilianbroadcaster TV Globo. Selectedaudiences of students, researchers,professors, authorities andrepresentatives from press andindustry were invited to attend bothpre-recorded and live sessions. Inaddition to the 8K video, the invitedaudiences enjoyed the Super Hi-Vision’s 22.2 channel 3D sound system.

The pre-recorded public screeningsessions were organised to demonstrateSHV technology. Each 30 minutesession displayed a selection ofassorted 8K contents, including Rio’scarnival, a Japanese fashion show andWorld Cup highlights. Altogether, morethan 900 viewers attended thetechnological demonstrations at theCBPF venue in Rio.

SSUUPPEERR HHIIGGHHVVIISSIIOONNDDEEMMOONNSSTTRRAATTIIOONNIINN NNUUMMBBEERRSS

9World Cup matches streamedlive in 8K to 7 viewing sites inJapan and Rio

275 inches (6,30m x 3,63m) wasthe size of the screen in the mainPV site in Rio

22.2 audio channels distributedin 33 loudspeakers

5 redundant network routes wereconfigured between Rio andTokyo to stream the video flows

400Mb/s was the requiredbandwidth

24 Gb/s would be necessary tostream uncompressed 8K imagesat 60fps

8K resolution (7.680 x 4.320pixels) is 16 times Full-HD, or 4 times 4K

WWOORRLLDD CCUUPP 22001144 GGAAMMEESSSSTTRREEAAMMEEDD IINN 88KK::

14th JuneIvory Coast 2-1 JapanVenue: Recife16th JuneGhana 1-2 USAVenue: Natal19th JuneJapan 0-0 GreeceVenue: Natal23rd JuneCamaroon 1-4 BrazilVenue: Brasilia28th JuneBrazil 1-1 ChileVenue: Belo Horizonte30th JuneFrance 2-0 NigeriaVenue: Brasilia5th JulyArgentina 1-0 BelgiumVenue: Brasilia8th JulyBrazil 1-7 GermanyVenue: Belo Horizonte13th JulyGermany 1-0 ArgentinaVenue: Rio de Janeiro

GLOBAL NEWS

46 CONNECT ISSUE 16 JULY 2014

GLOBAL NEWS

47

UUBBUUNNTTUUNNEETT HHIIGGHHSSPPEEEEDD RR&&EE NNEETTWWOORRKKCCOOMMMMIISSSSIIOONNEEDD

UbuntuNet Alliance, theresearch and educationnetwork for Eastern andSouthern Africa; andDANTE, the operator of GÉANT, the pan-European research andeducation network,announced in July thecommissioning of theUbuntuNet network, theregional high-speedInternet networkconnecting researchers,educators and studentsin Eastern and SouthernAfrica to their peers in the region and toEurope.The African research and educationcommunity has for far too long carriedthe burden of slow Internet connectivitywhich has consequently widened thegap between the continent’s researchersand their peers globally. Theestablishment of national research andeducation networks (NRENs), theregional UbuntuNet Alliance, and thekick-off of AfricaConnect are milestonestransforming the research and educationlandscape on the continent.

A major immediate impact of thenetwork is that connectivity costs havedropped from a regional monthlyaverage of $4,000 per 1 Mbp/s to $135per 1 Mbp/s – a 97% cost reduction injust four years! This shows that theprogress of rolling out the UbuntuNetnetwork has unfolded at an impressivelygood pace and Chief Executive Officerof UbuntuNet Alliance, Eng. Dr TusuTusubira does not hide his joy at thisamiable stride in promoting researchand education networking in the region:

“We are delivering international andregional bandwidth to NRENs in thesecounties at a consolidated price of $135per megabit per second per month. Ifind this exciting, because at last, wehave eliminated one barrier to regionalparticipation in global research andeducation collaboration,” Said DrTusubira.

The lowered cost of bandwidth andgreater network resiliency is helping allsorts of research. For example, the newUbuntuNet circuit between Dar esSalaam and Lusaka is expected tocontribute significantly to improvedhealth research in bioinformatics inZambia.

Impressively, through theAfricaConnect project, more countrieshave been connected to the UbuntuNetnetwork than initially envisaged. TheAlliance is grateful for the assistancerendered by the European Commissionin helping to scale-up rollout of theregional component of the UbuntuNetnetwork. These strides would also nothave been possible without thepartnerships and rapport betweenDANTE, UbuntuNet Alliance, WACRENand respective partner NRENs.

AfricaConnect has birthed a moreresilient and secure high-speed networkthat offers greater connectivity betweenAfrican countries, as well as high-speedlinks to the pan-European GÉANT.Economically, the UbuntuNet network isgradually pushing countries in Easternand Southern Africa towards realizingthe MDGs through improved ICT.

WordsJoe Kimaili,TechnicalManager,UbuntuNetAlliance

““TThhrroouugghh tthhee ccoollllaabboorraattiioonnwwiitthh GGÉÉAANNTT,, tthheeUUbbuunnttuuNNeett nneettwwoorrkk iissbboooossttiinngg EEUU--AAffrriiccaannccoollllaabboorraattiioonn,, bbrriinnggiinnggrreesseeaarrcchh aanndd eedduuccaattiioonnaallooppppoorrttuunniittiieessuunnpprreecceeddeenntteedd iinnAAffrriiccaa.. TThhee iimmpplliiccaattiioonnss ffoorrssoocciioo--eeccoonnoommiiccddeevveellooppmmeenntt ggoo ffaarr bbeeyyoonnddaannyytthhiinngg wwee ccoouulldd hhaavveeddrreeaammeedd ooff bbeeffoorree,, ppuuttttiinnggAAffrriiccaann rreesseeaarrcchh oonn tthheemmaapp aanndd ttrraannssffoorrmmiinngg tthheelliivveess ooff mmiilllliioonnss.. II aamm vveerryypprroouudd tthhaatt GGÉÉAANNTT iiss tthheeffiirrsstt RR&&EE nneettwwoorrkk ttooccoonnnneecctt ttoo AAffrriiccaa!!””

Cathrin Stöver, ChiefInternational Relations Officer,DANTE

FFoorr mmoorree iinnffoorrmmaattiioonn,, vviissiitt::

UbuntuNet Alliancewwwwww..uubbuunnttuunneett..nneett

AfricaConnectwwwwww..aaffrriiccaaccoonnnneecctt..eeuu

48 CONNECT ISSUE 16 JULY 2014

Q&A

CCOOFFFFEEEE BBRREEAAKK QQ&&AAEach quarter we invite a GÉANT projectparticipant to tell us a bit about their role at GÉANT and themselves. Grab yourself a coffee and enjoy!

NNAAMMEE::Remco Poortinga – van Wijnen

JJOOBB TTIITTLLEE AANNDDOORRGGAANNIISSAATTIIOONN::Team lead CollaborationPlatforms at SURFnet

TTEELLLL UUSS AABBOOUUTTYYOOUURR RROOLLEE OONNTTHHEE GGÉÉAANNTTPPRROOJJEECCTTI’m currently Acting ActivityLeader for GN3plus JRA3 -Identity and Trust technologiesfor GÉANT services. StefanWinter from RESTENA and Ifilled in for Licia Florio duringher parental leave. Around thattime the whole Open Callsprocess started as well, and

we kept the resulting TechnicalCoordinator role when Liciareturned. I remained asacting/backup AL since Liciahad a lot of other responsibilitiesthat were difficult to combinetime-wise; which also meant Irepresented JRA3 at the year 1review in June.

WWHHAATT’’SS TTHHEEBBEESSTT BBIITT AABBOOUUTTYYOOUURR JJOOBB??Working with all the smart,enthusiastic and fun peoplefrom various organisations allacross Europe on interestingand relevant topics. It’sinteresting to see similar topicspopping up at various placesnearly simultaneously andnoting the similarities anddifferences in how they areaddressed.

FFAAVVOOUURRIITTEE FFIILLMM??The Adventures of Priscilla, Queen of the Desert (1994)

RREEAADDIINNGG AANNYYTTHHIINNGGIINNTTEERREESSTTIINNGG??I just finished reading all the DetectiveErlendur novels by Indriðason, highlyrecommended. A more serious novelthat I read almost in one go and reallyimpressed me was The Kite Runner byKhaled Hosseini.

GGOOTT AANNYY HHOOBBBBIIEESS??TTEELLLL UUSS AALLLL!!I like to tinker with all kinds of devices,must be my background in electricalengineering and the total lack ofsoldering irons in my daily work. Mylatest biggish project was refurbishing a20+ years old (Quick Mill) espressomachine. Of course I also replaced thebimetallic thermostat with a self builtelectronic version, meaning the watertemperature for brewing espresso nowvaries less than 5 °C (instead of morethan 20 °C); I even convinced myself ittastes better now.

PicturePhoto byAndreas ÅkreSolberg

https://www.flickr.com/andreassolberg/14091924411.License athttps://creativecommons.org/licenses/by-nc-sa/2.0/

Until a few years ago I was quiteactive in designing and building solid-state audio amplifiers (using transistorsonly, since integrated circuits tend to doall kinds of nasty stuff to the sound).Unfortunately I can’t really find the timeto do that anymore, so for now I stick totinkering with existing devices.

LLAASSTT MMEEAALL??Cod with tomato, cheese and Italianherbs/spices from the oven, combinedwith a simple salad. Super easy to makebut tasty: Put the cod in a buttered ovendish. Sprinkle with some lemon juice.Lay slices of tomato on top and put saltand spices on those, followed by gratedcheese. Put in the oven for 20 minutesor so on 180 °C.

TTOOPP TTHHRREEEE AALLBBUUMMSS OOFFAALLLL TTIIMMEE??Difficult, there is a lot of very good musicaround and I am quite a musicalomnivore. But if I think of the albumsthat I keep returning to, then this mustbe my top three:

Q&A

49

1. Pink Floyd - The Final Cut2. The Beatles - Sgt. Pepper’s Lonely

Hearts Club Band3. Front 242 - Front by Front

At home the (internet) radio is mostlytuned to Classic FM UK. Classical musicis the only type of music my husbandand I both like. We listen to the UKversion of Classic FM

FFAAVVOOUURRIITTEE MMOODDEE OOFFTTRRAANNSSPPOORRTT??Train for my daily commute from Arnhemto Utrecht and back. SURFnet is locatedright next to the train station – in thesame building – and also verygenerously provides a public transportcard to all its employees, so taking thetrain to work is a no-brainer really.

Privately I love our Citroën C5because of its hydropneumaticsuspension. Our last 5 cars have beenCitroën models (BX, XM, Xantia and 2xC5). We started driving them becausethe used models are usually dirt cheap,but fell in love with the way they drive.

They have stiffened the suspension insuccessive models unfortunately, so it’snot the magic carpet ride it used to be.Still far better than most alternativesthough.

AA MMEEMMOORRAABBLLEEEEXXPPEERRIIEENNCCEE YYOOUU’’LLLLNNEEVVEERR FFOORRGGEETT OORRSSOOMMEETTHHIINNGG AABBOOUUTT YYOOUUTTHHAATT NNOOBBOODDYY KKNNOOWWSS??My husband and I participated in theAmsterdam Canal Parade last year, on aboat with some 50 people on it. Andwhile watching the parade is alreadygreat fun, being on a boat in the paradeitself is a different experience altogether.Especially passing under the first bridgeand entering the canals, the sides andbridges absolutely packed withthousands of people all cheering andclapping; an exhilarating experience I willnever forget.

50 CONNECT ISSUE 16 JULY 2014

ABOUT GÉANT

GE

AZAR

>=1Gbps and <10Gbps

10Gbps

20Gbps

30Gbps

>=100Gbps

www.geant.net The Pan-European Research and Education NetworkGÉANT interconnects Europe’s National Research and Education Networks (NRENs). Together we connect over 50 million users at 10,000 institutions across Europe.

GÉANT is co-funded by the European Union within its 7th R&D Framework Programme.

BY MDBelarus MoldovaAzerbaijan Georgia

Austria

Armenia

UA Ukraine

GÉANT connectivity as at January 2014. GÉANT is operated by DANTE on behalf of Europe’s NRENs.

20Gbps

0Gbps1

0Gbps>=1Gbps and <1

00Gbps>=1

30Gbps

20Gbps

GE

ARARARAR AZ

GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 2014. GÉANT is operated by DANTE on behalf of Europe’GÉANT connectivity as at January 2014. GÉANT is operated by DANTE on behalf of Europe’14. GÉANT is operated by DANTE on behalf of Europe’14. GÉANT is operated by DANTE on behalf of Europe’14. GÉANT is operated by DANTE on behalf of Europe’14. GÉANT is operated by DANTE on behalf of Europe’14. GÉANT is operated by DANTE on behalf of Europe’14. GÉANT is operated by DANTE on behalf of Europe’14. GÉANT is operated by DANTE on behalf of Europe’s NRENs.14. GÉANT is operated by DANTE on behalf of Europe’GÉANT connectivity as at January 20

Armenia

GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20

Armenia

GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20

Armenia

GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20

Armenia

GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 20GÉANT connectivity as at January 2014. GÉANT is operated by DANTE on behalf of Europe’GÉANT connectivity as at January 2014. GÉANT is operated by DANTE on behalf of Europe’14. GÉANT is operated by DANTE on behalf of Europe’14. GÉANT is operated by DANTE on behalf of Europe’14. GÉANT is operated by DANTE on behalf of Europe’14. GÉANT is operated by DANTE on behalf of Europe’14. GÉANT is operated by DANTE on behalf of Europe’14. GÉANT is operated by DANTE on behalf of Europe’14. GÉANT is operated by DANTE on behalf of Europe’14. GÉANT is operated by DANTE on behalf of Europe’s NRENs.14. GÉANT is operated by DANTE on behalf of Europe’

Azerbaijan

Austria

Azerbaijan

Austria

GeorgiaGeorgiaGeorgiaGeorgiaGeorgiaGeorgiaGeorgia MDMDMDMDBY MoldovaMoldovaMoldovaMoldovaMoldovaMoldovaMoldovaMoldovaMoldova UAUAUA UkraineUkraineUkraineUkraineUkraineUkraineUkraineUkraineUAUAUAUAUAMoldova

EUROPE’S RESEARCH AND EDUCATION DATA NETWORK

GÉANT is the pan-European research and education network that interconnectsEurope’s National Research and Education Networks (NRENs). Together weconnect over 50 million users at 10,000 institutions, supporting research in areas such as energy, the environment, space, health and medicine.

AABBOOUUTT GGÉÉAANNTT:: AANN AATT--AA--GGLLAANNCCEE GGUUIIDDEE

ABOUT GÉANT

51

AT THE HEART OF GLOBAL RESEARCHNETWORKINGThe GÉANT network has extensive links to other world regions throughcollaboration with further networks, including those in North and LatinAmerica, the Balkans, the Mediterranean, Black Sea, South Africa, Central and Eastern Asia.

www.geant.net

www.twitter.com/GEANTnews

www.facebook.com/GEANTnetwork

www.youtube.com/GEANTtv

JOIN THE CONVERSATION

52 CONNECT ISSUE 16 JULY 2014

ABOUT GÉANT

ENHANCING YOUR EXPERIENCE OF THE NETWORKThe GÉANT project delivers innovative services to enhance users’ experienceof the network. We’re here to support you with a portfolio of advancedconnectivity, network support and access services, designed to meet theneeds of NRENs, institutions, researchers and students. Discover more here:hhttttpp::////wwwwww..ggeeaanntt..nneett//SSeerrvviicceess//PPaaggeess//hhoommee..aassppxx

SERVICES

NNeettwwoorrkkiinngg SSeerrvviicceess GÉANT IP Core IP connectivity between NRENs. Costeffective, reliable, open and independent.

GÉANT Plus Layer2 point-to-point connectivity. Assuredbandwidth, secure.

GÉANT Lambda Layer2 ultra-high capacity point-to-point connections for demanding applications

GÉANT Peering Layer3 IP interconnectivity with 3rd partyproviders.

GÉANT Open Flexible, open Layer2 interconnectivity between organisations

GÉANT L3 VPN Logical virtual IP networking – ideal for one-to-many or many-to-many connectivity.

GÉANT Bandwidth on Demand Flexible “on-demand” layer2 connections toprovide high performance networking

GÉANT OpenFlow Facility A flexible testbed facility to help develop newnetworking services.

UUsseerr AApppplliiccaattiioonn SSeerrvviicceess eduroam® National and International wi-fi roaming. Secure, simple and global.

eduCONF An easy to use directory of VC facilities acrossEurope.

eduGAIN Federated AAI services offering assured, simple single sign-on.

TToooollss aanndd MMaannaaggeemmeenntt SSeerrvviicceess perfSONAR Multi-domain monitoring service. EnablingNREN NOCs and PERTs to collaborate inproviding seamless network performance for their users.

eduPERT Federated Performance Enhancement Response Teams - helping network users getthe best performance from their connections.

eduPKI Supporting service developers by helpingmanage digital certificates.

ABOUT GÉANT

53

SHAPING THE INTERNET OF THE FUTUREPart of GÉANT’s role is pushing the boundaries of networking technology toshape the internet of the future. The GÉANT Innovation Programme exists to develop an advanced portfolio of technologies, to develop into services, tools and network capabilities for tomorrow’s researchers.

Here are just a few ways the GÉANT Innovation Programme is driving discovery in networking technology.

THE GÉANT INNOVATIONPROGRAMME

RREESSEEAARRCCHHPPRROOGGRRAAMMMMEESSThe research elements of theGÉANT project focus on threecore areas:

• Network architectures for Horizon 2020

• Technology testing for advanced applications

• Identity and trust technologies

By being technology and supplierneutral, these research activitiescontribute greatly to thoughtleadership in networking servicesacross Europe.

OOPPEENN CCAALLLLThe Open Call projects bring infresh ideas and support new usesof the network. €3.3m is beinginvested into 21 independentprojects for research intoadvanced networkingtechnologies. In support of theHorizon 2020 aims, each project isaligned to one of the GÉANT JointResearch Activities. The four subject areas are:

• AApppplliiccaattiioonnss aanndd TToooollss – supporting advanced research activities and projects.

• AAuutthheennttiiccaattiioonn – helping support secure end-to-end authentication of systems and people.

• NNeettwwoorrkk AArrcchhiitteeccttuurree aanndd OOppttiiccaall PPrroojjeeccttss – studying future networking systems.

• SSDDNN - exploring Software Defined Networking potential tomeet new networking demands.

TTEESSTTBBEEDDSS“Testbeds as a Service” providestwo types of testbed capabilities tosupport the network researchcommunity. Dynamic PacketNetwork Testbed Service supportsupper layer network research, andthe Dark Fibre Testbed providesphotonic layer long haul facilitiesfor testing novel optical/photonictechnologies in the field.

SSTTAANNDDAARRDDSSThe use of standards andinformation from standards bodiesare essential to the development ofGÉANT services to ensureinteroperability with services ofother networking organisations.Members of the GÉANT projecthave leadership roles in the OGF(Open Grid Forum) and IETF(Internet Engineering Task Force)standards organisations and makesignificant contributions to theformation of standards.

AASSPPIIRREEFFOORREESSIIGGHHTTSSTTUUDDYYASPIRE (A Study on the Prospectof the Internet for Research andEducation) providesrecommendations to policy anddecision makers on topics likely tohave a significant impact for thefuture of research and education(R&E) networking. For instance:

• The adoption of cloud services• The integration of mobile

services into NRENs service portfolios

• Middleware and managing dataand knowledge in a data-rich world

• The future role of NRENs

The final report can bedownloaded from the TERENAwebsite:wwwwww..tteerreennaa..oorrgg//ppuubblliiccaattiioonnss

wwwwww..ggeeaanntt..nneett

This document has been produced with the financial assistance of the European Union. The contents of this document are the sole responsibility of DANTE and can under no circumstances be regarded as reflecting the position of the European Union. CONNECT/0714