Conveners
Network, Security, Infrastructure & Operations
- David Groep (Nikhef and Maastricht University)
- David Kelsey (STFC-RAL)
Many years ago, the Joint WLCG/OSG/EGEE security policy group successfully developed a suite of Security Policies for use by WLCG, EGEE, EGI and others. These in turn formed the basis of the AARC Policy Development Kit, published in 2019. Many infrastructures have since used the template policies in the AARC PDK but found they had to modify them to meet their needs. The Policy Templates are...
Protecting information assets has become a top priority for organizations in the ever-changing landscape of digital security.
INFN is deeply committed to security, being a major player in the research world with distributed computing infrastructures across the entire territory and being involved in numerous research projects that deal with health and sensitive data.
The Datacloud project...
Security exercises can be seen as an experiment: one wants to investigate how well, for example, the expected computer security incident response activities of an organisation, as described in its procedures and policies, match the real (measured) activities in a created security incident situation that is as realistic as possible, but contained.
The complexity of the created security situation...
We have presented previously on the strategic direction of the Security Operations Centre working group, focused on building reference designs for sites to deploy the capability to actively use threat intelligence with fine-grained network monitoring and other tools. This work continues in an environment where the cybersecurity risk faced by research and education, notably from ransomware...
It has now been over 12 years since the HEPiX-IPv6 working group began investigating the migration of WLCG towards IPv6 in 2011.
The effort of the working group can be split into three phases. In the first phase, LHC software was classified as IPv6 ready, ready with caveats, or not ready at all. The aim “enable IPv6 access to all storage” (the second phase of the working group) was at the end...
TeRABIT (Terabit Network for Research and Academic Big Data in ITaly) is a project funded within the initiative for realization of an integrated system of research and innovation infrastructures of the Italian National Recovery Plan. TeRABIT aims at creating a distributed, hyper-networked, hybrid Cloud-HPC computing environment offering tailored services to address the diverse requirements of...
Since the global network continues to grow at a fast pace, interconnection becomes more and more complicated to support reliable transmission. Meanwhile, network application services are expanding as well. This brings more concern about, and interest in, using software-defined concepts to optimize and secure wide-area networks. However,...
The LHCOPN network, which links CERN to all the WLCG Tier 1s, and the LHCONE network, which connects WLCG Tier 1s and Tier 2s, have successfully provided the necessary bandwidth for the distribution of the data generated by the LHC experiments during the first two runs of the LHC accelerator. This talk gives an overview of the most remarkable achievements and the current state of the two networks....
NOTED is an intelligent network controller that aims to improve the throughput of large data transfers in FTS (File Transfer Service), the service used to transfer data between WLCG sites, to better exploit the available network resources. For a defined set of source and destination endpoints, NOTED retrieves the data from FTS to get the on-going data traffic and uses the...
In recent years, different R&D activities have been developed at CERN within the WLCG (Worldwide LHC Computing Grid) to exploit the network and provide new capabilities for future applications. An example is NOTED (Network Optimised Transfer of Experimental Data) to dynamically reconfigure network links to increase the effective bandwidth available for FTS-driven transfers by using dynamic circuit...
This talk will give an overview of the second phase of the CERN Quantum Technologies Initiative (QTU2), focusing on the Quantum communications work package.
On Quantum Communications, CERN will focus on two main activities: 1) Quantum Key Distribution using White Rabbit for time synchronization and 2) very precise time and frequency distribution.
Secret management stands as an important security service within the EGI Cloud federation. This service encompasses the management of various types of secrets, including tokens and certificates, and their secure delivery to the target cloud environment. Historically, accessing secrets from virtual machines (VMs) has relied on OIDC access tokens, a method that harbors potential security...
Summary: We propose a model to estimate and minimise full life cycle emissions of scientific computing centres based on server embodied carbon, PUE, projected next-generation performance-per-Watt improvements and actual/projected carbon intensity of the location.
In this paper we present a model for the assessment of the replacement cycle of a compute cluster as a function of the carbon...
X.509 certificates and VOMS proxies are widely used by the scientific community for authentication and authorization (authN/Z) in GRID Storage and Computing Elements. Although this has contributed to improving worldwide scientific collaboration, X.509 authN/Z comes with some downsides: mainly security issues and the large amount of customization needed to integrate it with other services.
The GRID...
INDIGO Identity and Access Management (IAM) is a comprehensive solution that enables organizations to manage and control access to their resources and systems effectively. It is a Spring Boot application, based on OAuth/OpenID Connect technologies and the MITREid Connect library. INDIGO IAM has been chosen as the AAI solution by the WLCG community and has been used for years by the INFN...
Authentication proxy services are becoming increasingly important in existing ID infrastructure linkage. It is necessary to clarify how the service identifies and authenticates end entities and to strictly operate the service. In this paper, we discuss a credential policy and credential practice statement of Orthros, an authentication proxy service that has begun trial...
The Secure Shell Protocol (SSH) is the de-facto standard for accessing remote servers on the command line. Use cases include
- remote system administration for Unix administrators
- git via ssh for developers
- rsync via ssh for system backups
- HPC access for scientists.
Unfortunately, there is no globally accepted usage pattern for globally federated usage yet.
The large variety...
Keywords: cluster computing, account passport, secure shell (SSH), lightweight certificate, remote access, SSH tunnel
Advanced computing infrastructure such as high-performance clusters, supercomputers, and cloud computing platforms offer unparalleled computing capabilities and effectively support a multitude of computing requirements across diverse fields such as scientific research, big...
The authentication and authorisation infrastructures (AAIs) for research worldwide have for years now based their architectures on the “AARC Blueprint Architecture” and the suite of accompanying guidelines. Developed by the “Authentication and Authorisation for Research Collaboration” (AARC) community, and fostered by the accompanying “engagement group for infrastructures” (AEGIS), the model...
The Federated Identity Management for Research (FIM4R) community is a forum where research communities convene to establish common requirements, combining their voices to convey a strong message to Federated Identity Management (FIM) stakeholders. FIM4R produced two whitepapers on the combined Authentication and Authorization Infrastructure (AAI) requirements for research communities in 2012...
The Czech WLCG Tier-2 center is hosted in the Computing Center of the Institute of Physics of the Czech Academy of Sciences (FZU) in Prague. Resources at the FZU are supplemented by disk servers at the Institute of Nuclear Physics (NPI) and by compute servers at the Faculty of Mathematics and Physics of Charles University. The available dedicated computing capacity for supported LHC projects ALICE...
With the increasing digitization of energy infrastructure, the vulnerability of critical systems to cyber threats has become a paramount concern. This work explores the application of Capability Hardware Enhanced RISC Instructions (CHERI) architecture to fortify the security posture of Smart Grid systems. CHERI, an extension of the RISC-V instruction set architecture, provides a novel approach...
The IRIS IAM serves the UK IRIS (eInfrastructure for Research and Innovation at STFC) Community. IRIS is a collaboration developed by STFC and partner infrastructure providers in order to integrate and augment the provision of computing capabilities made available to STFC’s Science Activities, the national facilities such as ISIS and CLF, and partners such as the Diamond Light Source and the...