THE MAGAZINE FROM THE GÉANT COMMUNITY | ISSUE 19 2015

COMMUNITYCOLLABORATIONA NEW MEANINGFOR GÉANT

GÉANT AND TNE:HOW CAN GÉANTSUPPORTTRANS-NATIONALEDUCATION?

AFRICACONNECT2:EXPANDINGCONNECTIVITYACROSS AFRICA

FOCUS ON SECURITY:MEETING THE TEAMBEHIND GÉANTSECURITY

CCOONNNNEECCTT

UUSSEERRSSTTeecchhnnoollooggyy aanndd TTrraannssnnaattiioonnaall EEdduuccaattiioonn

0099

CCOONNTTEENNTTSSCCOONNNNEECCTT NNEEWWSSGGÉÉAANNTT mmeeaannssccoommmmuunniittyyccoollllaabboorraattiioonn

0022

TTEECCHHNNIICCAALLPPAAPPEERRSSCCaattcchh uupp oonn tthheellaatteesstt ccoommmmuunniittyyrreesseeaarrcchh

3300QQ&&AAIInntteerrvviieeww wwiitthhMMiicchheell WWeettss,,GGÉÉAANNTT CClloouudd SSeerrvviicceess

2266 SSTTAANNDDAARRDDSSIINN GGÉÉAANNTT HHooww ddoo wwee eennssuurree ssuucccceessssffuullssttaannddaarrddssddeevveellooppmmeenntt??

4422

CCOONNNNEECCTTNNEEWWSSNNeeww pphhaassee iinn GGÉÉAANNTT PPrroojjeecctt

0055

CONNECT is the quarterly magazine from the GÉANTcommunity; highlighting the activities of Europe’s leadingcollaboration on e-infrastructure and services for researchand education. We give insights into the users who dependon the network, and the community that makes GÉANT whatit is. We welcome feedback at connect@geant.net

Published by GÉANT. | Editors: PPaauull MMaauurriiccee aanndd TTaammssiinn HHeennddeerrssoonn..

Hyperlinks: CONNECT is produced as a digital magazine also made available in print. To view the digital edition and benefit from hyperlinks to further information, please see: http://connect.geant.org

eedduurrooaamm®® iiss aa rreeggiisstteerreedd ttrraaddeemmaarrkk ooff GGÉÉAANNTT aanndd aallll ootthheerr bbrraanndd,, ccoommppaannyy aanndd pprroodduucctt nnaammeess aarree ttrraaddeemmaarrkkss ooff tthheeiirr rreessppeeccttiivvee oowwnneerrss..

CONNECT magazine has beenshortlisted for the 2014 CorpCommsaward for best not-for-profit publication.

01

AABBOOUUTTGGÉÉAANNTT AAnn aatt--aa--ggllaanncceegguuiiddee ttoo GGÉÉAANNTT

6600GGLLOOBBAALL NNEEWWSSAAssttrroonnoommiiccaall cceennttrreess iinnCChhiillee,, AAffrriiccaaCCoonnnneecctt 22aanndd TTEEIINN ccoollllaabboorraattiinnggoovveerr ddeenngguuee ffeevveerr

5522

AAnn oovveerrvviieeww ooff tthheeGGÉÉAANNTT PPrroojjeecctt’’ssaaccttiivviittiieess,, aanndd aa llooookkbbeehhiinndd tthhee sscceenneess

1100 FFOOCCUUSSOONN……SSeeccuurriittyy

1188

CCOOMMMMUUNNIITTYYNNEEWWSSNNeewwss ffrroomm oouurrppaarrttnneerrss aannddmmeemmbbeerrss

4433

SSEERRVVIICCEESS eedduuGGAAIINN,, eedduurrooaamm,, FFaaaaSS,, MMDD--VVPPNN,,TTeessttbbeeddss

2200

how high-speed connectivity is set toexpand across Africa with the newAfricaConnect2 project; and on page50 about an exciting astronomyproject in Latin America.

This diverse and dynamiccommunity will ensure the new era forGÉANT is an exciting one, and welook forward to the journey together.

most prestigious European researchnetworking conference, TNC15 (page10). The GÉANT booth will featureboth the organisation and the projectactivities, so if you are attendingplease drop by to catch up with eventstaff and to learn more about the neworganisation and the unified branding.

Elsewhere in this issue we focusas always on several key areas ofGÉANT: services relied on today(pages 20-29); network architectureand services for the future (pages 30-39); network security (page 18); anduser communities, community newsand networking stories from aroundthe world. For instance, on page 9 youcan read how GÉANT can supportTrans-National Education; on page 53

You will have noticed the newGÉANT logo on the cover ofthis issue. It was launchedon 1 May 2015, marking the

start of the new unified GÉANTbrand (see page 2) and coincidingwith the start of the new GÉANTProject (now GN4 Phase 1 – see page5). Since that time the organisationthat was formed last October from therestructuring of TERENA and DANTEis no longer known as GÉANTAssociation, but simply as GÉANT.And from now on, GÉANT no longermeans a single project or organisationbut stands for the entire communitycollaboration.

What better place to launch thisnew branding than at the largest and

WWEELLCCOOMMEE TTOO TTHHIISS LLAANNDDMMAARRKK IISSSSUUEE OOFF CCOONNNNEECCTT

EEddiittoorrssPaul Maurice & TamsinHenderson

TTNNCC1155 SSPPEECCIIAALL

CONNECT NEWS

02 CONNECT ISSUE 19 2015

NNEEWW BBRRAANNDDIINNGG BBRRIINNGGSSPPRROOJJEECCTT AANNDD AASSSSOOCCIIAATTIIOONNTTOOGGEETTHHEERR AASS ““GGÉÉAANNTT”” In October 2014, the European R&E networkingcommunity agreed to re-organise the two entitiesthat represented and supported its collectivework to provide network infrastructure andservices for R&E. TERENA and DANTE joinedforces under a unified governance structure tobecome known as the GÉANT Association. As afurther step in this process, and with the GÉANTProject (now GN4 Phase 1 (GN4-1), whichstarted 1 May 2015) continuing to form a largepart of the organisation's work, the GÉANTAssociation is now known as simply ‘GÉANT’,with a new brand identity and a new meaning of community collaboration.

GGÉÉAANNTT MMEEAANNSSCCOOMMMMUUNNIITTYY CCOOLLLLAABBOORRAATTIIOONN

CONNECT NEWS

03

• organises events such as workshops, meetings, training and conferences, including TNC – Europe’s largest networking conference for research and education;

• develops, operates and supports services relating to such areas as trust and identity, security and certification, mobility and access, and media and real-time communications;

• mobilises community expertise and provides staff expertise in procurement, project management, community engagement, network operations, and outreach including dissemination and training;

• liaises with other e-infrastructure organisations, user communities, industry and with the European Union.

MEMBERSHIP ANDPARTICIPATIONGÉANT is owned by its coremembership. This includes 36 NationalMembers, which are European NRENs,and one Representative Member -NORDUnet - which participates onbehalf of five Nordic NRENs. Associatesare also welcome and includecommercial organisations and multi-national research infrastructures andprojects.

In addition to working togetherthrough the GÉANT organisation on theGÉANT Project, the membership takespart in other activities offered by GÉANT.Many of these are also open tointerested parties from the widercommunity: task forces and specialinterest groups provide opportunities forideas to bubble up and inform GÉANT’smore formal innovation programme;

many events are open to non-members;and some small projects and otherinitiatives are relevant to industry,institutions and campus staff.

ONE NAME, TWO OFFICESGÉANT has offices in Amsterdam, NL, and Cambridge, UK. Though thesecontinue to be two legal entities withtheir own staff and financialarrangements, they are each trading as‘GÉANT’ under the new unified brand.

This restructuring marks a newphase in almost thirty years ofcollaborative research and educationnetworking in Europe.

HORIZON 2020The decision to restructure came fromthe community of European NRENs. InOctober 2012, the community agreed itneeded a strategy in order to achieve itspart in the European Commission’svision for the future of research andinnovation, ‘Horizon 2020’. Thisagreement followed the presentation of a report by the Reykjavik Group, to prepare a response torecommendations published in thereport 'Knowledge without Borders'produced in 2011, by the GÉANT Expert Group, set up by the European Commission.

Within the European Union’s Horizon 2020 research and innovationprogramme, GÉANT is coordinating the GÉANT Project and AARC(Authentication and Authorisation forResearch and Collaboration), andparticipating in MAGIC (Middleware forCollaborative Applications and GlobalVirtual Communities) and TANDEM(Trans-African Network Development).

“This change is intended to simplifyunderstanding of the organisation, itscore activities and the communitycollaboration that drives it all, under asingle name and a new logo,” explainsInterim CEO Bob Day. “GÉANT bringsthe activities, services, benefits andvalues of TERENA, DANTE and theGÉANT Project under one banner. This means our community is betterpositioned to achieve its collectivestrategic priorities in innovation, serviceprovision, and stronger European andglobal relationships.”

The new GÉANT website that waslaunched in October is evolving into itsnew look and feel, with the contentencompassing information about theGÉANT Project as well as the otheractivities and services that theorganisation offers. Other changes toGÉANT’s online presences, emailaddresses, news and social mediachannels, as well as CONNECTmagazine, are being made in a phased process that will take severalmonths to fully complete.

GÉANT OFFERS‘NETWORKS ·SERVICES · PEOPLE’GÉANT is the leading collaboration onnetwork and related infrastructure andservices for the benefit of research andeducation, contributing to Europe'seconomic growth and competitiveness.

GÉANT:• provides practical support for

members, educators, researchers and other partners to collaborate, innovate, share knowledge and agree on policies and strategies;

• plans, procures, builds and operateslarge-scale, advanced international high-speed networks, including the 500 Gbps pan-European GÉANT network;

FURTHER INFORMATIONhttp://ec.europa.eu/programmes/horizon2020/www.geant.orgThe managers and staff aim to keep all services, websites and mailing listsrunning smoothly while further web and branding changes are implemented, but ask for patience and help with reporting any issues that may occur. In case of any queries, please contact info@geant.org.

04 CONNECT ISSUE 19 2015

CONNECT NEWS

AAAARRCC PPRROOJJEECCTTSSTTAARRTTSSTTOOWWAARRDDSS AANN IINNTTEEGGRRAATTEEDD AAAAII FFOORRRREESSEEAARRCCHH AANNDD EEDDUUCCAATTIIOONN

WHAT WILL AARC DO?It is commonly recognised that nationalidentity federations and the eduGAINinter-federation service offer a secureand scalable infrastructure to enableshared access to online resources.However, there are still challenges thatprevent their wider adoption by all e-infrastructures and collaborativeprojects.

AARC will help to avoid a future in whichdifferent e-infrastructures and researchcollaborations develop and operateindependent AAIs. It builds on theresults of previous projects to addressthe challenges of interoperability and thefunctional gaps among deployed AAIsby focusing its work on four main areas:

• developing an integrated, cross-discipline AAI framework, built on existing federated access services;

• developing an extensive training andoutreach package;

• harmonising policies among e-infrastructures to make it easy for resource and service providers to offer their services on a cross-borderand cross-organisational basis;

• piloting policy frameworks and components of the proposed integrated AAI in existing services.

The Authentication andAuthorisation for Research andCollaboration project, AARC,started on 1 May. Led by the

GÉANT Amsterdam office, the projectgot off to a flying start by gatheringrequirements from e-science andlibraries communities at the EGI andGARR IDEM conferences, and holding aproject kick-off meeting in early June forthe 20 partners and other members ofthe wider community.

“I am very excited to lead AARC andwork with NRENs, e-infrastructureproviders and libraries,” says Licia Florio.“With so many parties represented, thiswill enable us to progress on some verycritical technical and policy areas andmove towards a vision in whichresearchers use one set of existingcredentials to access a wide range ofservices, regardless of which e-infrastructures and service providers areoffering them.”

AARC works closely with theGÉANT project, with the REFEDS(Research and Education Federations)and FIM4R (Federated IdentityManagement for Research communities)groups, with e-infrastructures such asEGI, PRACE, and EUDAT, and with usercommunities.

FURTHERINFORMATIONAARC is a two-year projectfunded by the European Union’sHorizon 2020 research andinnovation programme. Thepartners are CERN, CESNET,CSC, DAASI, DFN, EGI, GARR,GÉANT, GRNET, JISC, Julich,KIT, LIBER, MZK, FOM-Nikhef,PSNC, RENATER, STFC,SURFnet and SURFsara.

http://aarc-project.eu/

05

CONNECT NEWS

NNEEWW PPHHAASSEE IINNGGÉÉAANNTT PPRROOJJEECCTT11 MMAAYY MMAARRKKEEDD TTHHEE SSTTAARRTT OOFF TTHHEE LLAATTEESSTT IITTEERRAATTIIOONNOOFF TTHHEE GGÉÉAANNTT PPRROOJJEECCTT,, GGNN44 PPHHAASSEE 11 ((GGNN44--11))

for the European Research Area,providing the best possible digitalinfrastructure to ensure Europe remainsin the forefront of research and otherknowledge endeavours.

The work of the project is dividedinto 15 activities within three areas ofwork: research; service developmentand delivery; outreach and coordination.

• NNeettwwoorrkkiinngg AAccttiivviittiieess (NAs) support all project activities with the full extent of internal and external communications, promotion and project management, foresight and best practice, international liaison and NREN development.

• DDeevveellooppmmeenntt SSeerrvviiccee AAccttiivviittiieess (SAs) develop GÉANT services and manage feature roadmaps to support the evolving needs of NRENs and the wider research and education community.

• PPrroodduuccttiioonn && SSeeccuurriittyy SSeerrvviiccee AAccttiivviittiieess (SAs) deliver and support the GÉANT service portfolio used byNRENs and the research and education community.

• JJooiinntt RReesseeaarrcchh AAccttiivviittiieess (JRAs) are targeted at critical analyses of future network and application technologies with a view to future deployment of emerging technologies across the network and services.

GÉANT is Europe’s leadingcollaboration on e-Infrastructure and servicesfor research and education,

with the GÉANT Project forming a majorpart of its work. Together with theNRENs, the Project has for nearly 15years been a vital element of Europe’s e-infrastructure strategy, providing the highspeed connectivity needed to share,access and process massive volumes ofdata essential to the research andeducation communities.

The GÉANT Project has grownduring its many iterations (GN2, GN3,GN3plus) to incorporate not just today’saward-winning 500Gbps physicalnetwork, but a catalogue of advanced,user-focused services, and a successfulprogramme of innovation that is pushingthe boundaries of networkingtechnology to deliver real impact to over50 million users in 10,000 institutionsacross Europe, as well as thousands ofschools.

This new iteration of the GÉANTProject is the first step of a new phase inproviding a stable, yet highly innovative,environment for the growth of theGÉANT network and its services as theEuropean Communications Commons

GN4-1 is a 12-month project from1 May 2015 to 30 April 2016,under the GÉANT2020Framework PartnershipAgreement (FPA) and hasapplied for funding from theEuropean Union’s Horizon 2020Research and InnovationFramework Programme (No.691567). It is a collaborationbetween 38 partners: 35European NRENs, GEANTLimited (Project Coordinator),GÉANT Association andNORDUnet (representing the five Nordic countries).

FURTHERINFORMATIONWeb: www.geant.orgTwitter: www.twitter.com/GEANTnewsFacebook: www.facebook.com/GEANTcommunityYouTube: www.youtube.com/GEANTtv

Note: The website of GN3plus,the predecessor project(www.geant.net) is still availablebut will be archived after theformal closure of the project, early July 2015.

06 CONNECT ISSUE 19 2015

CONNECT NEWS

HHAAPPPPYY 1100TTHH AANNNNIIVVEERRSSAARRYYRREEFFEEDDSS!!

proposed following a meeting held in theUK, attended by representatives fromthe UK (JISC), Australia (DEST), Finland(Finnish IT Centre for Science),Netherlands (SURF), Spain (RedIRIS),Switzerland (SWITCH), USA (Internet2)and representatives from CERN. Thefirst meeting of REFEDS took place on8th June 2005 in Poznan and involvedjust a few participants.

The 10th anniversary meeting ofREFEDS at TNC15 attracted more than70 delegates representing some of the56 research and identity federations thatnow exist worldwide. In its 10 years, REFEDS has deliveredthe following notable achievements:

• the REFEDS Discovery Guide to improve the user experience of federated access

• the introduction of entity categories to support the legal flow of user information to services

• federation monitoring tools such as MET (Metadata Explorer Tool)

• template documents and advice for emerging federations.

The work of REFEDS is made possibleby the generosity of its sponsors. TheREFEDS sponsorship model changed inJanuary 2015; in line with the newmodel, sponsoring organisations sign alight-weight agreement with REFEDS.Eleven organisations from around theworld are currently sponsors.

REFEDS has been coordinated byLicia Florio since its inception in 2005,with Nicole Harris joining her in 2010 asthe group continued to grow in size andactivity.

REFEDS meets twice a year, andmanages its work via the REFEDS wiki,the REFEDS mailing list and via itsworking groups. hhttttppss::////rreeffeeddss..oorrgg.

REFEDS - the Research andEducation Federations group -marked its 10th anniversary ata meeting at the annual

networking conference, TNC15, in Portoon 14 June. With birthday cake for allparticipants, REFEDS celebrated thismilestone and a brand new website:hhttttppss::////rreeffeeddss..oorrgg.

Managed by GÉANT, whichprovides secretariat support for thegroup, REFEDS has grown from atalking shop of interested parties sharingideas to a sponsored initiative deliveringan annual plan of work to improveinteroperability between identityfederations.

REFEDS began as a small group ofpeople who got together to discuss theissues associated with implementingSAML-based identity federations as theybegan to emerge. The group was

““RREEFFEEDDSS iiss tthheeiinnddiissppeennssaabbllee ggrroouuppffoorr tthhee gglloobbaall rreesseeaarrcchhaanndd eedduuccaattiioonn iiddeennttiittyyccoommmmuunniittyy.. SSUUNNEETTaanndd SSWWAAMMIIDD hhaavveeaanndd wwiillll ccoonnttiinnuuee ttooeennggaaggee wwiitthhRREEFFEEDDSS ttoo bbuuiilldd aagglloobbaall iiddeennttiittyyeeccoossyysstteemm bbaasseedd oonnmmuuttuuaall ttrruusstt aannddccoollllaabboorraattiioonn..””Leif Johansson, CTO SUNET (Sweden)

WWoorrddss aannddPPiiccttuurreeNicole Harris,ProjectDevelopmentOfficer, GÉANT

07

CONNECT NEWS

TTRRUUSSTTEEDD CCEERRTTIIFFIICCAATTEESSEERRVVIICCEE GGOOEESS FFRROOMMSSTTRREENNGGTTHH TTOOSSTTRREENNGGTTHH

participants how to use the new onlineservice portal developed by DigiCert,which is the new TCS service provideras from 1 July 2015.

DigiCert, a US-based company, isone of the largest worldwide CertificationAuthorities. Its new Web portal isexpected to improve the userexperience of ordering digital certificatesbecause SAML-based federated accesshas been built in. The portal also allowsfor NRENs branding and will be availablein different languages. Further trainingopportunities will be provided to currentand new participants in the comingmonths.

The workshop also includeddiscussion with a panel of technicalexperts from the TCS community, whohad extensively tested the new portalbefore it went into production.

The new TCS is up-to-date withrecent changes to the Secure HashAlgorithm (SHA), which plays animportant role in signing digitalcertificates used to support securewebsites. The DigiCert TCS will providethe more secure SHA-2 supportedcertificates that replace the original SHA-1 type.

Another change under the new TCS is the addition of a new type ofcertificate. The five main types ofcertificates available are:

• SSL certificates – for authenticating servers and establishing secure sessions with end clients.

• Grid certificates – for authenticating Grid hosts and services (IGTF compliant).

• Client certificates – for identifying individual users and securing email communications.

• Code signing certificates – for authenticating software distributed over the Internet.

• Document signing certificates – for authenticating documents from Adobe PDF, Microsoft Office, OpenOffice, and LibreOffice.GÉANT’s Trusted Certificate

Service (TCS – formerlyknown as the TERENACertificate Service) helps to

increase security in online transactionsby facilitating the deployment of digitalcertificates. TCS takes advantage of abulk purchasing arrangement wherebyparticipating NRENs may issue close tounlimited numbers of certificatesprovided by a commercial CertificationAuthority (CA) at a significantly reducedprice.

After around nine years issuing avariety of certificate types through aseries of CA providers, the newestiteration of TCS geared up for actionwith a workshop at this year’snetworking conference, TNC15, in Portoon 16 June.

The workshop, ‘TCS presents TCS’,showed current and prospective service

WWoorrddss aannddPPiiccttuurreeAlessandraScicchitano,ProjectDevelopmentOfficer, GÉANT

For more information about TCS,please visit wwwwww..ggeeaanntt..oorrgg

AABBOOUUTT TTHHEEAAUUTTHHOORRAlessandra Scicchitano is a ProjectDevelopment Officer at theAmsterdam office of GÉANT. Shejoined the team in July 2014 afterleaving SWITCH, the Swiss NREN,where she worked on AAI andeduPERT. She now supports theInformation Security ManagementSIG (Special Interest Group) aswell as TCS.

USERS

08 CONNECT ISSUE 19 2015

GGÉÉAANNTT AATTTTEENNDDSSCCHHEEPP22001155 IINN OOKKIINNAAWWAA,, JJAAPPAANN

ONE-STOP SHOP:INTERNATIONALUSER SUPPORT FOR BIG SCIENCECOMMUNITIESEnzo attended the conference topresent: ‘The GÉANT network:addressing current and future needs ofthe HEP community,’ co-authored byMian Usman, GÉANT IP NetworkArchitect.

It was an opportunity to connectwith Japanese and international physicscommunities, and explain how theGÉANT infrastructure serves Europe’sresearch and education community. The presentation explains how GÉANTprovides global access for end usersand how its associated services providesupport for educators, researchers andother partners to collaborate and agreeon policies for big science communities.

Together with people from GARRand the INFN (Italy), Enzo had also aposter contribution to the conference,named: “A prototype infrastructure forcloud-based distributed services in high availability over WAN.”

BETTERUNDERSTANDINGTHE NEEDS OF THEHEP COMMUNITYWith computing and software moreimportant to High Energy Physics thanever before, the conference provides anopportunity to learn more about currentnetworking trends, developments andrelated topics. In this way GÉANT hasbeen able to deepen its understandingof community needs—as well as raiseawareness of the benefits of Europeanresearch and education networking and how it is accelerating science.

This major event for physicists andcomputing professionals from the highenergy and nuclear physics community,computer science and informationtechnology sectors, provides a forum toexchange experiences and reviewrecent, ongoing and future activities.

In April, Enzo Capone,GÉANT BusinessDevelopment Officer,attended CHEP2015 inOkinawa, Japan. It wasthe 21st InternationalConference onComputing in HighEnergy and NuclearPhysics.

USERS

09

TTEECCHHNNOOLLOOGGYY AANNDD TTRRAANNSS--NNAATTIIOONNAALL EEDDUUCCAATTIIOONN ((TTNNEE)) -- TTHHEE GGÉÉAANNTT PPEERRSSPPEECCTTIIVVEE

• From a technical perspective, the issues which prevent good throughput of data on a network tend to be amplified proportionately to the distance covered. International and intercontinental collaborations therefore need specialist knowledge and high-quality infrastructure.

Network connections aside, it isimportant that remote campuses andpartner institutions are able to providethe same digital services for both theirTNE and UK based students if this ispart of their TNE offer. On one level thisis essential to promote inclusivenessand a high-quality student experience.On another it is in the institution's bestinterest to ensure secure access toresources and to ensure integrity ofstudent and corporate data. eduroam,the service that allows single-sign-on touniversity WiFi networks, has beenadopted around the world - and now isavailable in many public locations too.This means that travelling students andacademics can just open their laptopand be online at a partner institution thatuses eduroam. Similarly, digital identity isa key theme in academia and in widersociety. eduGAIN is a technology whichallows national identity federations tointeract, meaning that the credentials fora student or academic in one countrycan be recognised and verified by apartner institution (or institutions) inanother country.

Technologies will change with time.The most important ingredient forsuccess is therefore not any particularplatform, but to use services which

understand the academic sector andthe challenges of working internationally.Working together, Jisc, who provide theJanet network in the UK, and GÉANTcan help institutions select andimplement appropriate tools for TNEand help facilitate links with local nationalresearch and education networking(NREN) partners, be they in Asia, Africaor in any of the 100+ countriesconnected via GÉANT.

It won't always be easy toseamlessly connect partners halfwayaround the world, but working with theworld's best-connected network is avery good way to start!

ABOUT HEGLOBALAND TNEHEGlobal brings together UKgovernment, the higher education sectorand other expertise to support anddevelop UK universities' transnationaleducation (TNE) activity. TNE iseducation delivered in a country otherthan the country in which the awardinginstitution is based, for example studentsbased in country Y studying for a degreefrom a university in country Z. John Chevers also presented at therecent Jisc-supported HEGlobal seminar,“Technology: TNE’s silent partner?”

To be successful, TNEneeds to think beyondstudent numbers andbalance sheets. In a guest blog for HEGlobalreproduced here, JohnChevers of GÉANT looksat the technology optionsavailable to facilitatesuccessful internationalcollaborations, and thebest way to engage withlocal academic networkproviders around theworld.

There is one characteristic of all TNEinitiatives that can't be ignored: distance.Regardless of the strength of yourpartnership, the reliability of local staffand the air-conditioned comfort of yourlecture theatres, the fact is that there willalways be challenges associated withthe physical separation of the sitesinvolved. This is where technology, andnetwork solutions like GÉANT, can help.

What technology is really necessaryfor TNE? Surely a good connection to alocal Internet Service Provider (ISP) willsuffice? Well perhaps. However:

• It is worth remembering that commercial network providers run their infrastructure rather differently from public-sector operators. Typically commercial ISPs will aim tofit the maximum amount of data on to any particular link, to maximise profit, thereby leading to the data equivalent of a traffic jam.

• Another issue can be geography - in many parts of the world the telecommunications infrastructure is much sparser than in Western Europe and the local markets are typically lacking competition. This means that the quality of service youcan expect in the UK may not be available commercially in some countries and so the cost may be high.

For more information, seehhttttpp::////hheegglloobbaall..iinntteerrnnaattiioonnaall..aacc..uukkand for seminar presentations, visithhttttpp::////hheegglloobbaall..iinntteerrnnaattiioonnaall..aacc..uukk//eevveennttss..aassppxx

TTNNCC1155 SSPPEECCIIAALL

10 CONNECT ISSUE 19 2015

TTNNCC1155 SSPPEECCIIAALL

GGÉÉAANNTT PPRROOJJEECCTT AASSSSOOCCIIAATTEEDD SSPPEEAAKKEERRSS

MMoonnddaayy,, 1166 JJuunnee16:00 to 17:30Location: Room BSSuuppppoorrttiinngg uusseerr pprriivvaaccyy,, sseeccuurriittyyaanndd eeaassee ooff uussee iinn eedduurrooaammTomasz Wolniewicz (NicolausCopernicus University)

The TNC15 Networking Conference is thelargest and most prestigious Europeanresearch networking conference, with morethan 650 participants attending this annualevent. TNC brings together decision makers,managers, networking and collaborationspecialists, and identity and accessmanagement experts from all majorEuropean networking and researchorganisations, universities, worldwide sisterinstitutions, as well as industryrepresentatives.

Through keynotes speeches by renownedspecialists, varying parallel sessions,demonstrations and presentations, theconference presents participants with aunique overview of the latest developmentsin research networking, both in the technicalfield and in the area of application andmanagement.

TNC15, its 31st edition, will be hosted byFCT | FCCN, Portugal's unit for the operationof the National Research and EducationNetwork within the funding agency forscience and research in Portugal, between15-18 June 2015 in Porto.

Here we look at the involvement of theGÉANT Project in this event, and in thefollowing pages speak to several of theassociated speakers to get insight into theirsessions. Then on page 16 we learn in moredetail how the team from FCT | FCCN havebeen preparing for the show.

TTuueessddaayy,, 1166 JJuunnee11:00 to 12:30Location: Room DGGÉÉAANNTT OOppeenn CCaallllss –– GGeenneerraattiinnggIInnnnoovvaattiioonn wwiitthh IImmppaaccttMichael Enrico (GÉANT, Cambridge)

14:00 to 15:30Location: Plenary Room ATToo tthhee cclloouuddss aanndd bbeeyyoonndd --ccoollllaabboorraattiioonn oonn sseerrvviiccee sshhaarriinngg aanndd ddeelliivveerryyAndres Steijaert (SURFnet)

14:00 to 15:30Location: Room DGGÉÉAANNTT oonnee--ssttoopp--sshhoopp:: bbrriinnggiinnggsscciieennttiiffiicc ccoommmmuunniittiieess ttooggeetthheerrVincenzo Capone and Maria Minaricova(GÉANT, Cambridge)

16:00 to 17:30Location: Room BVVAAMMPPIIRREE -- VViirrttuuaall oorrggaanniizzaattiioonnAAuutthhoorriissaattiioonn MMaannaaggeemmeenntt PPrraaccttiicceessiinn RReesseeaarrcchh aanndd EEdduuccaattiioonn Mandeep Saini (GÉANT, Cambridge)

11

GGÉÉAANNTT BBOOOOTTHHThis year, following the rebranding(see page 2) there is one booth for both GÉANT and the GÉANTProject. Come visit us to learnmore!

GGEEAANNTTPPRROOJJEECCTTAASSSSOOCCIIAATTEEDDSSPPEEAAKKEERRSSThe TNC 2015 programme will this year feature fifteen speakerspresenting on a wide range ofsubjects covering the GÉANTProject’s technology, servicedevelopments and other initiatives.

GÉANT PROJECT ASSOCIATED SPEAKERS

TThhuurrssddaayy,, 1188 JJuunnee9:30 to 11:00Location: Room C SShhaarriinngg DDaarrkk FFiibbrree:: LLeessssoonnss ffrroommAAmmsstteerrddaamm--HHaammbbuurrgg ffiieelldd ttrriiaallGuy Roberts (GÉANT, Cambridge)

9:30 to 11:00Location: Room BTThhee nneeww ppeerrffSSOONNAARR oonnee yyeeaarr llaatteerrDomenico Vicinanza (GÉANT,Cambridge)

16:00 to 17:30Location: Room BFFeeddeerraatteedd AAuutthhoorriizzaattiioonn Andrea Bianchini (GARR)

16:00 to 17:30Location: Plenary Room ACCrreeaattiinngg IInntteerraaccttiivvee AArrtt wwiitthhPPrroottoottyyppee BBooaarrddss aanndd RR&&EE NNeettwwoorrkkssDomenico Vicinanza (GÉANT,Cambridge)

16:00 to 17:30Location: Room CMMuullttii--DDoommaaiinn VViirrttuuaall PPrriivvaattee NNeettwwoorrkk sseerrvviicceeXavier Jeannin (RENATER)

16:00 to 17:30Location: Room CAA ssoolluuttiioonn ffoorr ccoonnnneeccttiioonn--oorriieenntteeddmmuullttii--ddoommaaiinn SSDDNN bbaasseedd oonn NNSSIIAlaitz Mendiola (University of the BasqueCountry,UPV/EHU)

WWeeddnneessddaayy,, 1177 JJuunnee14:00 to 15:30Location: Plenary Room AIInnnnoovvaattiioonn aanndd EEvvoolluuttiioonn:: tthhee GGÉÉAANNTTBBaacckkbboonnee nneettwwoorrkkToby Rodwell, Guy Roberts, MarkJohnston and Mian Usman (GÉANT,Cambridge)

11:00 to 12:30Location: Room DNNeettwwoorrkkiinngg tthhee SSqquuaarree KKiilloommeetteerrAArrrraayy Richard Hughes-Jones (GÉANT,Cambridge)

11:00 to 12:30Location: Room B SScchhoollaarr EEuurrooppeeaann EElleeccttrroonniicc IIddeennttiittyy FFeeddeerraattiioonnJordi Ortiz (Universidad de Murcia)

16:00 to 17:30Location: Room DTToowwaarrddss eeaassyy VVCC -- tteecchhnniiccaallbbaacckkggrroouunndd ooff eedduuCCOONNFF sseerrvviicceeBartlomiej Idzikowski (PSNC)

12 CONNECT ISSUE 19 2015

TTNNCC1155 PPRREESSEENNTTAATTIIOONN FFOOCCUUSS

WWHHOO IISS CCHHAAIIRRIINNGGTTHHIISS SSEESSSSIIOONN?? Toby Rodwell, Head of ServiceAssurance for GÉANT, and RobertoSabatino, part of the BusinessDevelopment team in GÉANT. The session will include severalpresentations, and Toby outlines the session below:

WWHHAATT IISS TTHHIISSSSEESSSSIIOONN AABBOOUUTT?? Our session is about innovation andevolution on the GÉANT Backbonenetwork, with particular attention beinggiven to describe recent and upcomingtests and demos we’re conducting incollaboration with GÉANT’s strategicpartners, Juniper and Infinera.

WWHHAATT DDOO YYOOUU SSEEEE AASS TTHHEE KKEEYYPPOOIINNTTSS?? We will presenting the results of ourTerabit per second (Tbps) trial, anddescribing our plans to trial a newpacket switching module for our Infineraoptical system. Mark will describeGNOVC, GÉANT’s new OperationalVerification Centre (where we willvalidate and prove new vendor softwarebefore deployment) and he will give ahigh level view of GÉANT’s future plansincluding how we might bettercollaborate with NRENs to make use oftheir existing infrastructure. As suchthere will also be a presentation fromPieter Panis from BELnet, describingrecent developments in BELnet’snetwork.

WWHHAATT FFEEEEDDBBAACCKKDDOO YYOOUU HHOOPPEEFFOORR,, AANNDD HHOOWWWWIILLLL TTHHIISS IIMMPPAACCTTYYOOUURR WWOORRKK?? We hope to be able to gauge theaudience’s interest in, and support of,GÉANT progressing with theseadvanced features. If there is significantinterest in GÉANT’s GNOVC then wemay devote effort to helping NRENs setup their own equivalent, or even hostsuch a service for them.

CCOOUULLDD YYOOUUIINNTTRROODDUUCCEE YYOOUURR SSEESSSSIIOONNSSPPEEAAKKEERRSS?? MMaarrkk JJoohhnnssttoonn is presenting onInnovation on a Production Network. Hebecame Chief Network OperationsOfficer for GÉANT Cambridge Office in2013 and has responsibility for thedelivery and operation of the GÉANTnetwork and its services. He previouslyled the 500Gbps GÉANT NetworkMigration Project, having joined whatwas DANTE in 2012. Mark has over 20years of telecommunications experiencein managing operational teams todesign, plan, build and operate networkinfrastructure and network-centricservices; and in driving continualimprovements of operational processesand workflows. He has an Electrical andElectronic engineering undergraduatedegree and a Masters in BusinessAdministration.

PPiieetteerr PPaanniiss (BELnet) is presentingon An Intelligent Optical AggregationLayer: what, why and how. He has abroad experience in transmission.

After obtaining his Masters degree intelecoms in 1995, he started working astransmission design engineer for one ofthe first European carriers. In 2000Pieter joined a start-up dark fibreprovider, first in operations and then aspre-sales helping the company tobecome a major telecom player in theNetherlands. Fascinated by DWDM, hejoined Alcatel-Lucent in 2004, designingnetworks for several European NRENsand world-wide carriers, and became aproduct manager for their DWDMflagship. He joined Belnet in 2011 asnetwork engineer and project managedBelnet's new optical network.

GGuuyy RRoobbeerrttss is presenting on TheGÉANT Photonic Layer. He received hisBEng degree from RMIT University inAustralia in 1991 and his PhD inphotonics from the University ofCambridge in 2006. He joined DANTE(now GÉANT Cambridge Office) in 2006and is now the Senior TransportNetwork Architect in the Office of theCTO. He is also research coordinator forthe GÉANT Project and co-chair of theNetwork Service Interface workinggroup in the Open Grid Forum.

MMiiaann UUssmmaann is presenting on theGÉANT IP Layer. He received his BSc inNetwork Management and Design fromUniversity of Portsmouth in 2007. Hejoined DANTE (now GÉANT CambridgeOffice) in 2008 as a NOC engineer,before joining the Operations team in2010 and then becoming the IPNetwork Architect in the Office of CTO in2012. Mian led the team responsible fordesigning and deploying GÉANT’s newIP/MPLS platform and the migration ofGÉANT Plus service from EoSDH toEoMPLS. Now focused on GÉANTnetwork architecture and design as partof the GÉANT Project, he is also chair ofthe Technology and Topology workinggroup in the Global NetworkArchitecture (GNA) initiative.

IINNNNOOVVAATTIIOONN AANNDDEEVVOOLLUUTTIIOONN:: TTHHEE GGÉÉAANNTTBBAACCKKBBOONNEE NNEETTWWOORRKK WWHHEENN:: WWEEDDNNEESSDDAAYY 1177 JJUUNNEE 1144::0000--1155::3300 WWHHEERREE:: PPLLEENNAARRYY RROOOOMM AA

CONNECT INTERVIEW

13

SSHHAARRIINNGG DDAARRKK FFIIBBRREE::LLEESSSSOONNSS FFRROOMMAAMMSSTTEERRDDAAMM--HHAAMMBBUURRGG FFIIEELLDD TTRRIIAALL((PPAARRTT OOFF TTHHEE SSEESSSSIIOONN ''SSTTRREENNGGTTHHEENNIINNGG TTHHEE NNEETTWWOORRKK’’))

WWHHOO IISSDDEELLIIVVEERRIINNGG TTHHIISSPPRREESSEENNTTAATTIIOONN??Guy Roberts, Senior Transport NetworkArchitect (see intro on opposite page) iscurrently working with NRENs to try outnew ideas in optical transmissioninfrastructure sharing. He is also JRAcoordinator in GN3plus as well as co-chair of the Network Services Interfaceworking group in OGF.

WWHHAATT IISS YYOOUURRPPRREESSEENNTTAATTIIOONNAABBOOUUTT I will be talking about networkinfrastructure sharing in the GÉANTcommunity. This has become a hot topic lately since in recent years therehas been a rapid expansion of R&E builtand owned transmission infrastructure in

Europe. This diversification risks dilutingthe utilization of the infrastructure andmaking it less economically viable. Weare working to share the opticalspectrum between multiple networkproviders. This is known as spectrumsharing or alien waves. This kind ofinfrastructure sharing between GÉANTand the NRENs promises to increasethe utilization of the optical fibreinfrastructure, resulting in reduced costs for all.

I will be describing the work we havebeen doing to trial alien waves. This iswhere a provider uses their DWDMequipment to carry light sourced from a third-party. The first trial was acollaboration between GÉANT andSURFnet where we have demonstratedthe stable operation of GÉANT’s Infinerawavelengths carried over SURFnet’sCiena equipped fibre running betweenAmsterdam and Hamburg.

This work is important as it heralds a new era of technical collaborationbetween GÉANT and the NRENs. It shows that with close technicalcollaboration it is possible to achievenovel engineering solutions that benefitthe whole community.

WWHHAATT SSHHOOUULLDDTTHHEE AAUUDDIIEENNCCEETTAAKKEE AAWWAAYY?? I would like to get across theengineering concepts behind alienwaves and raise awareness within theGÉANT community of the mutualbenefits of alien waves for both theGÉANT Association and the NRENs.

WWHHEENN:: TTHHUURRSSDDAAYY 1188 JJUUNNEE 99::3300 –– 1111::0000 WWHHEERREE:: RROOOOMM CC

14 CONNECT ISSUE 19 2015

TTNNCC1155 PPRREESSEENNTTAATTIIOONN FFOOCCUUSS

GGÉÉAANNTT OOPPEENN CCAALLLLSS –– GGEENNEERRAATTIINNGG IINNNNOOVVAATTIIOONN WWIITTHH IIMMPPAACCTT ((PPAARRTT OOFF TTHHEE SSEESSSSIIOONN ‘‘EENNAABBLLIINNGG RREESSEEAARRCCHH UUSSIINNGG TTHHEE NNEETTWWOORRKK’’))

WWHHOO IISSDDEELLIIVVEERRIINNGG TTHHEEPPRREESSEENNTTAATTIIOONN?? Annabel Grant is Open Call Coordinatorfor GÉANT, responsible for thesuccessful delivery of GÉANT’s firstOpen Call programme (October 2013 toApril 2015).

Michael Enrico is TechnicalCoordinator for GÉANT, responsible forcoordinating the work of the JointResearch Activities in GÉANT withinnovative service development effortswithin the project and withcomplementary related activities external to the project.

WWHHAATT IISS YYOOUURRPPRREESSEENNTTAATTIIOONNAABBOOUUTT?? MMiicchhaaeell: “It provides an overview ofwhat we did within the Open Callprogramme – but primarily focuses onthe innovation elements and impact ofthe projects.”

WWHHAATT AARREE TTHHEEMMAAIINN PPOOIINNTTSS OOFF YYOOUURRPPRREESSEENNTTAATTIIOONN?? MMiicchhaaeell: “Demonstrating the significantmutual value (for GÉANT and the Open

Call participants) of collaborationbetween the GÉANT community andexpert researchers within industry,universities and research institutesacross Europe.”

WWHHAATT DDOO YYOOUUHHOOPPEE TTOO GGEETTFFRROOMM TTHHEEAAUUDDIIEENNCCEE?? AAnnnnaabbeell: “Feedback on areas whereGÉANT should be innovating in thefuture.”

HHOOWW DDOOEESS OOPPEENNCCAALLLL DDRRIIVVEEIINNNNOOVVAATTIIOONN?? MMiicchhaaeell: “Innovation can be conductedin many ways – it need not solely be inthe technology arena but can also be inthe areas of service wrap, commercialmodels and policy. Looking at the OpenCalls we have just run in the GN3plusproject, we can confidently say that themost fruitful and highly rated projects arethose that were the most keyed intoextant service development effort in theproject.

This is really just an exemplar of the"DevOps” approach to productdevelopment in which as close a link aspossible is established betweendevelopment and operations in order toavoid many common innovation

problems. The result of this is that theact of innovation is seen to be fruitful byall stakeholders in the DevOps cycleincluding those who provide theinnovation and those operational staffwho have to work with the results ofthese innovations on a daily basis.

The methodology of theadministrative process necessary toconduct an Open Call really doesmarshal the activities into the DevOpsmould thereby promoting the virtuouscircle of innovation leading to betterservices and happier users who are thenhappy to continue consuming servicesallowing for further innovation throughsuccessive Open Calls.”

HHOOWW WWOOUULLDD YYOOUU LLIIKKEE TTOO SSEEEEOOPPEENN CCAALLLL TTYYPPEEAACCTTIIVVIITTYYDDEEVVEELLOOPPIINNGG IINN FFUUTTUURREE?? AAnnnnaabbeell aanndd MMiicchhaaeell: In the future, it will be very important to continue towork with industry as well as theresearch and education community toensure that GÉANT remains a world-class provider of networking andservices for our community. Userrequirements will continue to inform all of GÉANT's work – so that servicesremain cutting edge and fit for purposefor our community.

WWHHEENN:: TTUUEESSDDAAYY 1166 JJUUNNEE 1111::0000 –– 1122::3300 WWHHEERREE:: RROOOOMM DD

15

GGÉÉAANNTT OONNEE--SSTTOOPP--SSHHOOPP ((PPAARRTT OOFF TTHHEE SSEESSSSIIOONN ‘‘EEXXTTEENNDDIINNGG TTHHEE BBUUSSIINNEESSSS’’))

WWHHOO IISSDDEELLIIVVEERRIINNGG TTHHEEPPRREESSEENNTTAATTIIOONN?? Enzo Capone and Maria Minaricova arepart of the Business Development teamin GÉANT, looking after the internationalusers communities.

WWHHAATT IISS YYOOUURRPPRREESSEENNTTAATTIIOONNAABBOOUUTT?? EEnnzzoo: Our presentation is about thesupport to the science communities andusers groups that spread over differentcountries or even different continents,with two case stories of how this haspositively worked.

CCAANN YYOOUU EEXXPPLLAAIINNTTHHEE CCOONNCCEEPPTT OOFFTTHHEE OONNEE--SSTTOOPP--SSHHOOPP?? EEnnzzoo: Today, all the big science projectsneed to have an international scale to beable to face the challenges that theirscientific goals entail, since no singleinstitution or, sometimes, country, hasthe means to pursue these results allalone.

Having a number of different actorsin different countries poses newchallenges, in terms of selection anddeployment of network services to availthe computing activities for theseexperiments.

Given the structure of the R&Enetworking community, this also meansthat every site would have to contact theNREN which it connects to, at the sametime losing that holistic view that wouldhelp the design of a collective solutionfor the community as a whole.

The one-stop-shop concept wascreated specifically to address thesekind of issues: it provides a single pointof contact for the community, helpingthem to understand the best possiblesolution in terms of network services,and also liaising with all the involvedNRENs to actually deploy the solution.

WWHHAATT AARREE TTHHEEBBEENNEEFFIITTSS OOFF TTHHIISSCCOONNCCEEPPTT FFOORRGGÉÉAANNTT’’SS UUSSEERRSS?? EEnnzzoo: This can greatly facilitate the timeto deployment of a network service, asGÉANT is in a better position to contactall involved network partners; and also ithelps to find the best solution in terms ofservice selection.

WWHHAATT SSHHOOUULLDDTTHHEE AAUUDDIIEENNCCEETTAAKKEE AAWWAAYY?? EEnnzzoo: The main point would be toencourage users to contact and makeuse of this GÉANT service, while for theNREN audience the point would be toshow examples of how the one-stop-shop has been effective in deliveringgood solutions to the users.

WWHHAATT DDOO YYOOUUHHOOPPEE TTOO GGEETTFFRROOMM TTHHEEAAUUDDIIEENNCCEE?? EEnnzzoo: Suggestions on better ways toliaise more efficiently with the partners,and possibly news about new sciencecommunities to be involved with. I alsohope this presentation will give us moreopportunities to facilitate the user’s job.

WWHHEENN:: TTUUEESSDDAAYY 1166 JJUUNNEE 1144::0000 –– 1155::3300 WWHHEERREE:: RROOOOMM DD

16 CONNECT ISSUE 19 2015

TTNNCC1155 SSPPEECCIIAALL

BBEEHHIINNDD TTHHEESSCCEENNEESS AATT TTNNCCQQ&&AA WWIITTHH RRUUII RRIIBBEEIIRROO,,FFCCTT || FFCCCCNN,, PPOORRTTUUGGAALL

TTEELLLL UUSS AABBOOUUTT YYOOUURRIINNVVOOLLVVEEMMEENNTT IINN TTNNCCTTOO DDAATTEE??Our preparations for TNC15 startedback in 2013. It’s been over a year sinceour formal expression of interest andwe’ve been excited to organise alllogistical, budgetary and administrativematters and decisions; making our besteffort to ensure the success of this year’sconference.

HHOOWW DDIIDD YYOOUU CCOOMMEETTOO PPLLAAYY HHOOSSTT TTHHIISSYYEEAARR??We were very keen to host TNC. Thisyear we’re celebrating the 15thanniversary of the first TNC editionPortugal hosted, back in 2000, inLisbon. We wanted the challenge asecond time, a chance to invite TNC15participants to visit Porto, one of themost charming cities in Europe. It is alsoquite accessible and offers excellentfacilities.

Porto offers so much in terms ofarchitecture, culture, gastronomy, trade,encounters and discoveries. It is one ofthe oldest European cities and wasregistered as a World Heritage Site byUNESCO in 1996 and Elected BestEuropean Destination in 2014. We reallyenjoy the idea of bringing TNCparticipants to witness it for themselves.

CONNECT caught up with Rui Ribeiro from FCCN, to find out what it takes to play host toTNC, the largest and most prestigious European research networking conference, with more than 650 networking, identity and access specialists from all major Europeannetworking and research organisations, universities and worldwide sister institutions.

17

WWHHAATT DDOOEESS HHOOSSTTIINNGGTTNNCC IINNVVOOLLVVEE??Hosting TNC involves a considerableamount of: planning, meetings,scheduling, work and of courseovercoming a variety of challenges.

Ever since (and even before) the“Alea jacta est! feeling” at the signing ofthe MoU between FCT | FCCN and theGÉANT Amsterdam team we have beenworking together. We were grateful forthe equipment lent to us by CiscoPortugal and for the support from theGÉANT Project Event Team. We wouldlike to extend our thanks to them, forwithout their help and financial supportthe equipment needs would have beendifficult.

As the ‘field team’, we’re closer tothe venue so it’s up to us to make surethe conference runs smoothly and alsoto promote the event as much as wecan, locally and internationally. This year,the location has also been an interestingchallenge since we’re based in Lisbon(around 300km away). Fortunately, thewhole process also involves a lot of fun.

WWHHAATT TTEECCHHNNIICCAALLCCHHAALLLLEENNGGEESS DDIIDD YYOOUUHHAAVVEE AANNDD HHOOWW WWEERREETTHHEESSEE OOVVEERRCCOOMMEE??An event of such magnitude andtechnical complexity demands thecorrect handling of necessaryinfrastructures, as well as time to workon the details.

We needed some external help forsome of the technical challenges. TheAlfândega was very well equipped interms of electrical infrastructure,however we had to make sure we couldcomplement connectivity. The wholewireless network was set up, in differentlocations across a large building, bearingin mind up to 700 participants (and theirmultiple devices). We were grateful forthe equipment lent to us by CiscoPortugal and for the support from theGÉANT Project Event Team. We wouldlike to extend our thanks to them, forwithout their help and financial supportthe equipment needs would have beendifficult.

We also had the support of thePorto Digital project, who offer ametropolitan high-speed network,interconnected with FCCN’s networkthat passes through most parts of thecity. This network has a fiber accesspoint right at the Alfândega building.

Cabling and fibre distributionthroughout the building was installedover Easter. Tests were completedwhenever there were no eventsscheduled in the Congress Centre.

The availability and flexibility of the venuemanagement was key to ensuring thenetwork requirements could fulfil theinnovative high-tech experience thatTNC participants are accustomed to.

WWHHAATT DDOO YYOOUU SSEEEE AASSTTHHEE BBEENNEEFFIITTSS OOFFHHOOSSTTIINNGG TTNNCC?? The Portuguese NREN, aligned withFCT’s mission, aims to promote theadvancement of knowledge in scienceand technology in Portugal, attain thehighest international standards in qualityand competitiveness, in all scientific andtechnological domains, and encourageits dissemination and active role insociety and economic growth.

In bringing TNC to Portugal, we’reproviding a global stage to promote thebest in “the business” in Europe andbeyond. We consider this to becompletely in sync with our mission,while offering the opportunity to buildcollaborative partnerships, driveinnovation and spark creativity acrossEurope (and the rest of the world).

We want people to benefit from thegreat knowledge and innovation thisevent brings and to visit our beautiful cityand surroundings.

TTEELLLL UUSS AABBOOUUTT YYOOUURR TTEEAAMM??One part of the team takes care of thetech issues and the other is in charge oflogistics and PR. Each member hashis/her role and up to date tasks tocomplete with well-defined deadlines.The core Portuguese team has around 8to 10 people. However, the whole NRENis committed to preparing this great event.

PPiiccttuurreeLeft to right:ÂngeloRodrigues, Ana Afonso,Nelson Dias,Pedro Simões,Cláudio Silva, Rui Ribeiro,Pedro Oliveiraand GonçaloFaria (Missing:MónicaDomingues and AlexandreCarreira)

TTEELLLL UUSS AABBOOUUTT TTHHEE VVEENNUUEE??The Alfândega Congress Centre wasbuilt in 1869 and used to be a CustomsHouse. The project was designed by theFrench architect Jean Colson, whochose the right bank of the Douro River,on a former fisherman’s beach for itsconstruction. It was built according todifferent architecture characteristics incomparison to the nearby 15th centuryriverside buildings and is distinguishedby its unique Riga Oak details in theplenary room.

WWHHAATT AARREE YYOOUURRPPEERRSSOONNAALLRREEFFLLEECCTTIIOONNSS??It will be an honour to be a point ofsupport to this “connecting ofcommunities”. It is exciting to take partin this in a way much different than theregular participation we’ve had before.We’re part of it. We’re also making ithappen. It’s a special feeling and wehope all our efforts and hard work will berewarded with great success.

For future reference, it is importantto involve city services and governmentbodies from the early planning stages. Itis very good to have support from thecity and local organisations.

We are looking forward to greetingTNC’s participants in Porto for a verysuccessful TNC15. We really hopepeople will savour it and profit from allthe rich exchanges and knowledge thelargest and most prestigious Europeanresearch networking conference can give.

18 CONNECT ISSUE 19 2015

SECURITY

FFOOCCUUSS OONNSSEECCUURRIITTYY

Security of networks and the information they carry is fundamental toenabling trusted collaboration. CONNECT spoke to Head of Information and Infrastructure Security, Wayne Routly, to learn more.TTEELLLL UUSS AABBOOUUTTYYOOUURR RROOLLEE??As Head of Security within GÉANT, I have a broad remit, from ensuring thesecurity of the GÉANT network at a PoPlevel to the security of informationhandled.

I also lead a very skilled team ofmulti domain security specialists whoaudit and review the code for securityvulnerabilities of the systems that projectparticipants and global researchers useevery day.

We’re also tasked with producingthe next generation of security tools todefend the network against attacks. Myother role as the security co-ordinator is

to make users are aware of the benefitsof secure systems and to showcase theworld-leading services we deliver.

PPLLEEAASSEE EEXXPPLLAAIINN TTHHEE IIMMPPOORRTTAANNCCEE OOFF SSEECCUURRIITTYY FFOORRCCOONNTTEEXXTTWe have to provide users with a securenetwork with which to facilitate researchand education in free and opennetworks. Therefore, ensuring users cantrust the network, to validate the integrityof the infrastructure and theconfidentiality of the information thattransits it, is critical.

CCUURRRREENNTTCCHHAALLLLEENNGGEESS??Security is a challenge in itself. We mustensure networks remain open andtrusted whilst simultaneously defendingthem against the thousands of eventswe see targeting the network and ourcustomers across the network.

Potential new issues we see is theuse of networks of scale to launch denialof service attacks either on thecommunity or even entire countries. Wehave already started to implement asolution by which to block malicioustraffic, but, at the same time enablelegitimate traffic through to the end host.Ensuring we maintain access to servicesand systems is a key challenge.

19

SECURITY

MMEEEETT TTHHEE TTEEAAMMWe’re also here to sell security.Everyone understands why you lockyour front door and why you have analarm. If we can transpose this mind-setto the networks and systems we rely onso much, half our work will be done.

HHOOWW DDOO YYOOUUPPHHYYSSIICCAALLLLYYMMAANNAAGGEE SSEECCUURRIITTYYFFOORR TTHHEE NNEETTWWOORRKK??DDEESSCCRRIIBBEE AA TTYYPPIICCAALLDDAAYY..Tasks are varied. The team monitorsecurity dashboards that report on alertsand events that may require furtherinvestigation. Streams of securityrequests also flow in, from assistance inbuilding firewall filters to security eventsthat need reporting to system owners.

Then there are projects. We’reconstantly improving systems,enhancing existing processes andworking with internal and external teamsto understand their securityrequirements before they enter thenetwork.

As the face of GÉANT security, wealso provide advice on everything fromaccess control to information rightsmanagement of documents.Promoting security within the companyand the project is important and we areregularly invited to speak to groups,either on the technologies we are usingor the strategies we deploy and lessonswe’ve learnt.

TTEELLLL UUSS AABBOOUUTTRREECCEENNTT AACCTTIIVVIITTIIEESS,,UUPPGGRRAADDEESS,, SSCCAARREESSOORR DDEEVVEELLOOPPMMEENNTTSS??We’ve recently embarked on a majorupgrade of our security tool set; to futureproof the security needs in the nextgeneration of the GÉANT project.

One of the underlying parts ofdetecting network security events isthrough the use of net flow, the “metadata” of network traffic conversations.Soon we will see a whole new type oftraffic within the network due to changesin the configuration of the backbone.

As such we have implementedredundant net flow processing systemsto firstly cater for the increased volumeof traffic over the next few years, butalso to cater for new types of traffic suchas IPv6.

Hand in hand with the processingsystems we have built into the fabric wehave rolled out a new AnomalyDetection System to cater for new andemerging network based attack types.

This upgrade will greatly enhance theadded value of the NSHaRP process we deliver to NRENs.

Keeping tab of security updates ona network spanning Europe withhundreds of devices running multipleservices and applications requires a veryproactive approach. We have taken thischallenge up by performing weeklyvulnerability scans of the network toidentify vulnerable machines andsystems.

The release of Firewall on Demandas a new system in conjunction with thecommunity black-holing we currentlysupport has eliminated the alreadymentioned denial of service events wesee. It has also provided us with avaluable system to scale firewall filteringand standardise our management offiltering for security events with aneffective and valuable end solution,making Firewall on Demand the nextgeneration of firewall filtering.

HHOOWW DDOO YYOOUU SSTTAAYYOONNEE SSTTEEPP AAHHEEAADD OOFFRRAAPPIIDD CCHHAANNGGEE??By maintaining an accurate view ofwhere the vulnerabilities lie in thenetwork we are able to rapidly identifythose systems affected. We maintain avisible presence at security conferenceswhich provides us with awareness ofnew trends and approaches in securitypractices.

Part of the value of the securitycommunity is the ability to shareinformation in a trusted environment. Weare active members of these groups andthey provide valuable insight intopotential threats.

YYOOUURR VVIISSIIOONN FFOORRTTHHEE FFUUTTUURREE OOFFGGÉÉAANNTT SSEECCUURRIITTYY??Today’s security requirements aredifferent from yesterday's and as suchwill have a different meaning tomorrow.We see a convergence of networks,with R&E networks being used fortransporting government departmenttraffic or even traffic between EUinstitutions.

This will mean a bottom up review ofsecurity controls across the network. Weare already seeing a concerted shifttowards having standards as a basis forsecurity controls within the domains.

From a controls perspective thetools will become more diverse as newpotential areas of threats emerge, alsogreater focus will be placed on theconcepts of risk and how to manage it.

JJUUAANN QQUUIINNTTAANNIILLLLAA,, SSEECCUURRIITTYY OOFFFFIICCEERRJuan holds a CISMP, ITIL and the ISO 27001 LICertifications. He joined the project in 2011 as a SecurityEngineer and has since been instrumental in the the rollout of NSHaRP, the Security service for GÉANT, and theHardening Guides project in SA2T4—among many other tasks.

Juan has recently shifted focus towards information,overseeing security in the organisation and the project,defining and refining the ISMS Governance, improvingprocesses and raising the security profile within the organisation.

EEVVAANNGGEELLOOSS SSPPAATTHHAARRAASS,,SSEECCUURRIITTYY EENNGGIINNEEEERREvangelos, has an MSc in Information and SystemsSecurity and has a passion for technology, with a never-ending eagerness to learn new concepts surroundingevery aspect of security.

He delivered a vulnerability scanning solution whichgave GÉANT visibility on particular threats to the corporateand backbone network; thus helping other departments toensure risk was within acceptable levels.

Evangelos admits that one of the biggest challenges isthe pace at which GÉANT evolves. Simultaneously makingsure everything conforms to best security practices, andmeeting the networks demanding requirements is a hugeresponsibility, given its diversity and magnitude.

EEGGII AANNDD EEDDUUGGAAIINN –– SSUUPPPPOORRTTIINNGGTTHHEE ““LLOONNGG TTAAIILL”” OOFF RREESSEEAARRCCHH

20 CONNECT ISSUE 19 2015

SERVICES

barrier of access to grid and cloudresources. The platform will serve usersvia a centrally operated 'user registrationportal' and a set of science gatewaysthat will be connected to resources in adedicated catch-all Virtual Organisation.This will reduce to overhead for thesesmall teams and allow them to focus ontheir research, no need to get acertificate if they don't have one, noneed to set up a virtual organization orother collaboration infrastructures.

TTHHIISS SSOOUUNNDDSS EEXXCCIITTIINNGG,,HHOOWW IISS GGÉÉAANNTT AANNDDEEDDUUGGAAIINN HHEELLPPIINNGG??Of course the large data networkcapabilities of the NRENs and GÉANTmake physical access to resourcesmuch easier but eduGAIN is the crucialaspect as it allows researchers to usetheir federated IDs to request andaccess distributed systems without thecomplexity of user account creation andmanagement.

Users do not like to create a newcredential for every service they access,and rightly so. IdPs federated ineduGAIN already provides high qualitycredentials to much of the research andeducation environment. When a userowns an eduGAIN credential we alreadyknow that he is involved in research andthat the credential has a minimum levelof security.

For users without eduGAIN orcertificate credentials EGI will have toperform some vetting steps on the userrequest to access the platform, but wereally count on eduGAIN to relieve mostof this effort. eduGAIN dramaticallyreduces the cost of implementing theplatform and greatly increases itsscalability and usability.

WWHHEERREE CCAANN II FFIINNDD OOUUTTMMOORREE IINNFFOORRMMAATTIIOONN??Information will be available online afterthe EGI Conference in Lisbon (18-22 ofMay) when we will present the pilotrelease of the service and can found at wwwwww..eeggii..eeuu.

discourage the new users of EGI, and todesign and prototype a new platform tosupport this "long tail" of science.

WWHHAATT DDOO YYOOUU MMEEAANN BBYYTTHHEE ““LLOONNGG TTAAIILL””??Well most of the headline grabbingscience is those huge projects like thehigh energy physics collaborations orthe ESFRIS, and these projects arelong-term, well organized researchinitiatives who already benefit from theservices that EGI provides to enablelarge distributed collaborations. But a lotof research takes place in many verysmall teams across the world who havesimilar requirements but can’t afford thededicated IT resources that the majorprojects can command.

For us at EGI the long tail of sciencemeans users who do not need to joinlarge distributed organization and whoneed to get access resources for aspecific period in time to support aspecific research project. There is a realneed to provide support to these teamsto help them in their research.

HHOOWW WWIILLLL TTHHEESSEE SSMMAALLLLRREESSEEAARRCCHH PPRROOJJEECCTTSSBBEENNEEFFIITT??The project will establish a set ofservices combining the most frequentgrid and cloud computing systems thatare suited to individual researchers andsmall research teams. This can lower the

PPEETTEERR,, WWHHAATT IISS YYOOUURRRROOLLEE WWIITTHHIINN EEGGII??I am senior Operations manager atEGI.eu, which is the coordination bodyof the European grid infrastructure (EGI).Together with the Operations team atEGI.eu, I coordinate the operationsactivities of EGI, this includes theprovisioning of the current portfolio ofservices - high throughput computing,cloud and storage resources andfederation enabling tools - plus therolling into production of the newservices to support our stakeholders.

CCOOUULLDD YYOOUU EEXXPPLLAAIINNWWHHAATT YYOOUURR PPRROOJJEECCTT IISSWWOORRKKIINNGG TTOO AACCHHIIEEVVEE??EGI enables researchers to get accessto distributed resources. The process ofintegrating a community in EGI worksvery well for the larger projects who havethe experience and knowledge.However the process applied toindividual researchers and smallresearch teams sometimes is perceivedas a big overhead, this added to someother technical barriers make someusers struggle to access grid and cloudcomputing and storage resources fromthe network of NGIs to deploy ‘big dataapplications’. EGI has recognised theneed for simpler and more harmonisedaccess for individual researchers andsmall research groups. So we’reworking to remove the barriers that

PPiiccttuurreePeter Solagna,SeniorOperationsManager, EGI.eu

EEDDUURROOAAMM NNEEWWSSGGLLOOBBAALL EEDDUURROOAAMM GGOOVVEERRNNAANNCCEE CCOOMMMMIITTTTEEEE SSTTAARRTTSS IITTSS 33RRDD TTEERRMM WWIITTHH RREENNEEWWEEDD MMEEMMBBEERRSSHHIIPP AANNDD EEXXPPAANNDDEEDD RREEPPRREESSEENNTTAATTIIOONN

21

SERVICES

In addition to the voting committeemembers, the GeGC also includes non-voting technical experts. As the Chair ofTF-MNM (Mobility and NetworkMiddleware) Klaas Wierenga (CiscoSystems) has been automaticallyincluded as a non-voting technicalexpert. In addition, Stefan Winter(RESTENA) was selected for hiseduroam knowledge and developmentleadership, which saw him honouredwith a Community Award at last year’snetworking conference, TNC2014.

• AAssiiaa--PPaacciiffiicc: Hideaki Goto (Tohoku University, Japan), Neil Witheridge (AARNet, Australia)

• EEuurrooppee: Scott Armitage (Loughborough University, UK), Paul Dekkers (SURFnet, Netherlands), Miroslav Milinović (Srce, Croatia)

• LLaattiinn AAmmeerriiccaa: Leandro Marcos de Oliveira Guimarães (RNP, Brazil), Alejandro Lara (REUNA, Chile)

• NNoorrtthh AAmmeerriiccaa: Philippe Hanset (Internet2, ANYROAM, LLC, USA), Chris Phillips (CANARIE, Canada)

The GeGC chose its new chair in May,ahead of its annual face-to-face meetingat TNC, to be held this year in Porto,Portugal. At this meeting, new Terms ofReference will be drawn up, in which thegrowth in world regions represented willbe formally recognised.

As the Global eduroamGovernance Committee(GeGC) marks the beginningof its third term, it has

recognised the increasingly global reachof eduroam by expanding itsmembership to include representativesfrom five world regions as compared tothe original three.

The previous terms of referencelisted members from only Europe, NorthAmerica and Asia-Pacific but with morethan seventy recognised roamingoperators worldwide, GEANT called fornominees for committee membershipfrom across the expanded eduroamfamily.

The accepted nominees are:

• AAffrriiccaa: Samia El Haddouti (CNRST/MARWAN, Morocco), Simeon Miteff (SANReN/TENET, South Africa)

PPiiccttuurreeTerritories whereeduroam iscurrentlyavailable

““TThhiiss nneeww tteerrmm iiss aann iiddeeaallttiimmee ttoo sshhooww hhooww eedduurrooaammhhaass ggrroowwnn ddrraammaattiiccaallllyy aannddtthhee nneeww ccoommmmiitttteeee iissiiddeeaallllyy ppllaacceedd ttoo hheellpp gguuiiddeeeedduurrooaamm ffoorrwwaarrdd aanndd ttoommeeeett tthhee ooppppoorrttuunniittiieess ooffiinnccrreeaassee ccoovveerraaggee aanndd uusseerrnnuummbbeerrss aanndd ttoo ssuuppppoorrttgglloobbaall RR&&EE ccoollllaabboorraattiioonn..””

Brook Schofield, GEANT

FFUURRTTHHEERRIINNFFOORRMMAATTIIOONNFor more information abouteduroam visit the eedduurrooaammwweebbssiittee.

22 CONNECT ISSUE 19 2015

SERVICES

FFEEDDEERRAATTIIOONN AASS AA SSEERRVVIICCEETTRRAAIINNIINNGG CCOOUURRSSEESS AA GGRREEAATT SSUUCCCCEESSSS

WWoorrddssMarinaVermezovic,FaaS TaskLeader

metadata focusing on scalability, friendlyuser interface and high security achievedby using HSM signing. FaaS toolbox isbuilt by using open source software andis provided as a hosted service whereeach FaaS customer gets its own FaaSinstance that can be localized andbranded as desired.

The FaaS team has organised twoseparate training courses for NRENs,with the latest course taking place inApril 2015 in Vienna. These trainings

GÉANT Federation as a Service- FaaS is an easy entry pointfor NRENs who aredeveloping or are in early

stage of operating an Identity federation.FaaS enables NRENs to roll out Identityfederation services to their constituentsin a way which accommodates currentbest practices for operating Identityfederation and connecting to eduGAIN.FaaS offer includes toolbox formanagement of Identity federation

focused on delivering the knowledgenecessary for operating the Identityfederation and teaching the traineeshow to use the FaaS toolbox. In total 12NRENs from across Europe took partand interest in FaaS has been shown bymany other organisations.

The FaaS team contact address forany questions concerning FaaS is:ffaaaass@@ggeeaanntt..nneett

23

SERVICES

MMUULLTTII--DDOOMMAAIINN VVIIRRTTUUAALL PPRRIIVVAATTEENNEETTWWOORRKK SSEERRVVIICCEE MMOOVVEESS IINNTTOO PPRROODDUUCCTTIIOONN

WWoorrddssXavier Jeannin(RENATER) and TomaszSzewczyk(PSNC)

MD-VPN demonstrated its reliabilityduring a pilot in 2014 and was launchedas a production service in April 2015.MD-VPN is easy to deploy for a NREN,MD-VPN only requires each NREN tocreate BGP peering once and it usesonly standardized protocols and can beimplemented on existing hardware (NoCAPEX). One of the benefits of MD-VPNis that the implementation of VPNbetween domains as easy andstraightforward as in a single domain. In less than two years 15 NRENs,NORDUnet and GEANT have adoptedMD-VPN showing the ease ofimplementation.

MD-VPN can also be extended toregional networks, allowing regionalnetwork to access to all Europe (400PoPs in 15 NRENs already available) butalso providing inter-regional network

The GÉANT Multi-domain VirtualPrivate Network (MD-VPN) isproviding an internationalnetwork service, enabling

scientists all over Europe to collaboratevia a common private networkinfrastructure. VPN services are widelydeployed across the public internetwhere VPNs are generally used to linktogether several distributed sites of acompany, as if these different networksare physically in the same location, thusenabling the same level of security.

While this is also true for customersof the NREN community, the usage ofinternational VPNs in the science andeducation world in general is quitedifferent. Here VPNs are often used forinternational collaborations around ascientific or educational project. MD-VPN service is a new connectivityservice and can be used for connectivity(Layer 2 or 3) between clusters, grids,clouds and HPC centers, allowing themto form virtual distributed resources forthird-party research projects.

MD-VPN offers fast delivery of VPNsto end users and so can be used in avariety of ways, from the long-terminfrastructure with a high demand forintensive network usage to quick point-to-point connections for a conferencedemonstration.

GÉANT MD-VPN is a seamlessmulti-domain infrastructure that is ableto deliver a wide range of end userfacing services including: Layer 3 VPN(IPv4, IPv6), point-to-point Layer 2 VPNand multi-point Layer 2 VPN.

connectivity within the same country.MD-VPN proxy technology is used toconnect non-MD-VPN capable NREN,non-European NREN or commercialsites. This ability increases the flexibilityof MD-VPN to support innovative R&Eprojects allowing users to avoid usingmore expensive commercial offerings.

For more information on MD-VPNvisit wwwwww..ggeeaanntt..oorrgg//sseerrvviicceess

““MMDD--VVPPNN iiss aa uunniiqquuee aannddppoowweerrffuull nneettwwoorrkkiinngg ttoooollffoorr NNRREENNss ttoo aadddd vvaalluuee ttootthhee sseerrvviicceess tthheeyy ooffffeerr tthheeccoommmmuunniittyy..””

Xavier Jeannin, MD-VPNTask Leader

MMDD--VVPPNN tteeaamm:: Thomas Schmid (DFN), Magnus Bergroth (NORDUnet), Jani Myyry (Funet), Bojan Jakovljevic (AMRES), Miguel Angel Sotos (RedIRIS), Daniel Lete (HEAnet), Niall Donaghy(GÉANT) with the support of Brian Bach Mortensen (NORDUnet).

24 CONNECT ISSUE 19 2015

SERVICES

One of the mostsignificant developmentsover the next few yearswill be the research of newand innovative networkingtechnologies andprotocols andinvestigating the impactthese new applicationswill have on networkingand users.

The development of new concepts andtechnologies such as Software DefinedNetworking (SDN), OpenFlow, andadvanced network virtualization relyupon research teams being able to testand prototype systems acrossenvironments that more closely matchreal-world systems. There is a need totest these technologies acrossgeographically diverse high performancenetworks and to be able to measure andmonitor behavior of these systems in thepresence of real user traffic.

This type of research requires highcapacity, high availability, flexiblenetworking that would be impossible or unaffordable for individual researchteams to build. This is why GÉANT has invested in the development of theGÉANT Testbeds Service (GTS). We asked Jerry Sobieski, Activity Leaderof the GTS project about what thisservice offers…

GGÉÉAANNTT TTEESSTTBBEEDD SSEERRVVIICCEE –– AA PPLLAATTFFOORRMM FFOORR AADDVVAANNCCEEDD NNEETTWWOORRKK RREESSEEAARRCCHH

25

SERVICES

WWoorrddssJerry Sobieski,Activity Leader –Testbed as aService, isinterviewed byNino Cosic.

The testbed itself, once it is running, is under absolute control of theresearcher. He can crash it and reset ifnecessary. We have mechanisms inplace to keep the rest of the networkunaffected. The ability to break anetwork safely is crucial tounderstanding how they work and helpadvance our understanding of thesetechnologies.

WWHHAATT SSHHOOUULLDD WWEEEEXXPPEECCTT IINN TTHHEEFFUUTTUURREE??Soon we should be able to extend thisresearch environment outside of GÉANTNetwork infrastructure into the NRENinfrastructure. This multi-domaincapability will provide researchers theability to extend their experiments tomore nodes across the R&E community.We will be scaling up the infrastructureto provide 100Gbps testbed transportcircuits, a virtual machine (VM) pool thatwill have thousands of VMs available tousers, and dedicated hardware servers– “bare metal servers” - that can beallocated to testbeds upon request.GTS already has hardware supportedOpenFlow resources available for users,and we are hoping to integrate newspecies of testbed resources such asphotonic resources or mobile (such asLTE) and wireless resources. And we areconstantly upgrading the usabilityfeatures such as a sophisticated pointand click testbed monitoring and controlGUI – the proverbial “glass cockpit”,better integration with global partners,and the like. It’s all about making it easier for researchers to get to the core of their research.

WWHHAATT AARREE YYOOUURRBBIIGGGGEESSTTCCHHAALLLLEENNGGEESS??It is important when we build Testbeds,particularly when you build it as aproduction service intended to meet theneeds of a wide variety of possibleresearch topics, that it will have somekey features. For example, theunderlying infrastructure for this networklaboratory must be stable and reliablewhile at the same time we have to allowhigh risk experiments and secure themin such a way that, if they go wrong,they are isolated and the rest of thenetwork is not affected... i.e. protect theinnocent and no collateral damage. Weneed the service model to be extensibleto be able to incorporate futuretechnologies or other novel ideas. Wedo not want to build a tool that can onlyaddress one type of technology. This ishighly challenging, as we don’t knowexactly what technologies are going tocome along. So we have to build openplaceholders for future and make it agileto be able to modify to new ideas.

Scalability is a great concern. Notjust a high number of devices butmaking sure that we have geographicspread covered, the right authorisationmodels to interact with otherenvironments outside our testbed, andto be able to define testbeds that canget huge. For example a testbedsimulating a datacenter would require alarge number of devices and we need tobe able to accommodate that request ifit comes our way.

HHOOWW SSIIMMPPLLEE IISS TTHHEEPPRROOCCEESSSS OOFFSSEETTTTIINNGG UUPP??We have protocols, software agents,and hardware facilities that allow us totranslate a user’s concept into a runningnetwork reaching across Europe in amatter of minutes. So, if the researcherhas a brilliant idea and in the process heconcludes he needs to set up a networkthat has a certain topology andtechnology, then all he needs to do islog into our GÉANT GUI (ggttss..ggeeaanntt..nneett).From there he uses a “domain specificlanguage” (DSL) to describe the virtualmachines, transport circuits, andswitching/forwarding elements he needsand how they are to be arranged in thetopology he wants. Then he gives thisinformation to the GTS and GTSconstructs it.

JJEERRRRYY,, WWHHAATTIINNIITTIIAATTEEDD TTEESSTTBBEEDDAASS AA SSEERRVVIICCEE IINNGGÉÉAANNTT?? We’ve been playing around withtestbeds in GÉANT and certainly withinthe GÉANT community forever. With thestart of the GN3plus project we wereasked by the community to address thisnetwork research requirement in a moreformal fashion.

We need something that canprovide experimental access to widearea network facilities, a capability thatallows researchers to deploy new ideasin the network core with real worldconditions – not just in a simulation in alab. In order to enhance Europeanresearch competitiveness, this servicehas to reduce the ramp-up time andcosts for network researchers, to enablethem to get research results faster, withfaster turnaround for innovations.

BBAASSIICCAALLLLYY,, YYOOUUPPRROOVVIIDDEEDD AATTEESSTTIINNGG GGRROOUUNNDDFFOORR EEXXPPEERRIIMMEENNTTAALLNNEETTWWOORRKKSS??Yes, we’re not trying to do our ownresearch here, were trying to providebest infrastructure platform and let ourusers do the research. With testing inconventional production networks youoften end up with “collateral damage”that you did not plan or expect. And Icertainly have done that in testbeds inthe past, (I’m sure that guys fromSurfNET would love to share their storieswith you.) And, of course, you don’twant your production users to beaffected by your experiments, as well asyou do not want others crazyexperiments affecting yours! So theGÉANT Testbeds Service is not itself atestbed, but it's a facility where we canserve many different research effortseach with their own network testbed –at scale across Europe.

For more information on theGÉANT Testbed Service visitsseerrvviicceess..ggeeaanntt..nneett//ggttss or contact the GTS team via email atggnn33pplluuss--ssaa22--ooppeerraattiioonnss@@ggeeaanntt..nneett

26 CONNECT ISSUE 19 2015

SERVICES

QQ&&AAWWIITTHH MMIICCHHAAEELL WWEETTSS,, GGÉÉAANNTTCCLLOOUUDDSS SSEERRVVIICCEESS

WWoorrddssInterviewed byKarl Meyer

WWOONN’’TT TTHHEESSEEVVEENNDDOORRSS BBEEWWOORRKKIINNGG WWIITTHHNNRREENNSS AALLRREEAADDYY??WWHHAATT DDOO YYOOUU SSEEEEAASS TTHHEE VVAALLUUEE TTHHEECCLLOOUUDDSS TTEEAAMM IISSBBRRIINNGGIINNGG??The two main issues will be the legalcontract conditions and communicatingthese services to the Institutions. Wehave to create contract conditions whichare unambiguous but acceptable by

(community or commercial) can adhereto the required conditions (on e.g. datalocation). The Clouds Team is nowcentrally procuring the first set of cloudservices (IaaS) so NRENs are able tooffer these services to their institutions(either in a brokerage or reseller role) in atransparent way without institutionshaving to worry about procurementlegislation. We believe that this willgreatly increase the adoption of theseservices.

MMUUCCHH OOFF TTHHEECCLLOOUUDDSS AACCTTIIVVIITTYYSSEEEEMMSS TTOO BBEEFFOOCCUUSSIINNGG OONNBBRRIINNGGIINNGG IINN TTHHIIRRDDPPAARRTTYY SSUUPPPPLLIIEERRSS ––WWHHYY AARREENN’’TT NNRREENNSSBBUUIILLDDIINNGG TTHHEEIIRROOWWNN CCLLOOUUDDSSEERRVVIICCEESS??They are, many NRENs are building Fileshare, Video Conferencing or even IaaSservices, and they should. There is notgoing to be a single solution which fits allthe needs for all of the R&E sector.Institutions should be able to haveaccess to a wide range of cloud services(both community and commercial ones)and be able to get a clear understandingof the differences between them in orderto be able to use the one which fits their need.

MMIICCHHEELL,, PPLLEEAASSEEIINNTTRROODDUUCCEEYYOOUURRSSEELLFF AANNDDYYOOUURR RROOLLEE IINN TTHHEECCLLOOUUDDSS TTEEAAMM?? Sure, I'm Michel Wets and I work atSURFnet as Procurement Advisor. In theGÉANT project (GN4-1) I'm active in theSA7 Supply Chain activity in two roles:leading the procurement in Task 1(Brokerage) and as Task Leader in theSupport and Communication task, T4.

HHOOWW DDOO YYOOUU SSEEEETTHHEE UUSSEE OOFF CCLLOOUUDDSSEERRVVIICCEESSDDEEVVEELLOOPPIINNGG IINN TTHHEENNEEXXTT FFEEWW YYEEAARRSS??Cloud services are rapidly maturing andcan increasingly serve as excellentalternatives for in-house services. Theadoption of them within the Researchand Education sector has been slow, asmany of these services were notconsumable in a way which fit the R&Eabilities (Purchase Order based andpost-paid), conditions of use were notclear (SLA, Privacy, Security, datalocation) and lastly TCO (total cost ofownership) was often difficult to predictdue to data egress charges. We believethat the cloud requirements, created inSA7 during GN3plus will allow NRENsand institutions to easily see in theGÉANT Cloud Catalogue if a service

27

SERVICES

cloud vendors in order to allow NRENsto promote them to the Institutions. Butthe biggest challenge is to communicateabout the availability of the services tothe Institutions. Many NRENs are stillprimarily network centred and havelimited communication and marketingcapacity. They may also have difficulty inidentifying the right people within theInstitutions to communicate to aboutthese services. The Clouds Team willhelp NRENs by organizing workshopsand creating marketing elements forthem to reuse in their organisation.

FFIINNAALLLLYY,, TTEELLLL UUSSSSOOMMEETTHHIINNGG AABBOOUUTTYYOOUURRSSEELLFF TTHHAATT NNOOTTMMAANNYY PPEEOOPPLLEEKKNNOOWW!! Hmm, okay, I have an old-timer car (a1966 Ford Mustang convertible, boughtover the internet in the US and shippedto The Netherlands myself) which I likeworking on (nice to use your handsinstead of your head) and we have two foster children.

To find out more about the GÉANT Clouds Team visitcclloouuddss..ggeeaanntt..nneett. The cloudservice catalogue is available atccaattaalloogguuee..cclloouuddss..ggeeaanntt..nneett.

SERVICES

28 CONNECT ISSUE 19 2015

OOppeennCClloouuddMMeesshhJJOOIINN TTHHEE OOppeennCClloouuddMMeesshh IINNIITTIIAATTIIVVEE!!

"We are at an important juncture incloud-based services," said PeterSzegedi, Project Development Officer atGÉANT’s Amsterdam office. "There is nolonger a need to choose between strictprivacy and security or opencollaboration and ease of use. I believeOpenCloudMesh will redefine the waypeople use the cloud to share theirimportant files in a standardised andtrusted manner across all platforms."

OORRGGAANNIISSAATTIIOONNSSJJOOIINNOwnCloud's open API ensures secureyet transparent connections betweenremote on-premises cloud installations.The first version of the API has beendeveloped by ownCloud and is alreadydeployed in multi-server installations(between more than 20 universities) inNorth Rhine-Westphalia in Germany.The OpenCloudMesh initiative is tomake this development fully open to thecommunity and come up with a version2.0 API based on the recommendationsof the community. So it will workbetween different countries where theNREN has deployed ownCloud.To date, several organisations havesigned up to participate, includingCERN, SWITCH, SURF, GARR,University of Vienna, Aarnet, the Max

GÉANT announced anambitious project that for thefirst time links togetherresearchers and universities

in Europe, the Americas and Asia via aseries of interconnected, secure privateclouds. OpenCloudMesh, a jointinternational initiative coordinated byownCloud Inc. as an Associate Memberof GÉANT, is built on ownCloud’s openserver-to-server sharing applicationprogramming interface (API). It deliversuniversal file access through a globallyinterconnected mesh of researchclouds, without sacrificing any of theadvantages in privacy, control andsecurity an on-premises cloud provides.Leading research organisations from allover the world have joined the initiativeand more participants are welcome.

The ownCloud software provides acommon file access layer across anorganisation and across globallyinterconnected organisations, whetherthe data resides on internal servers, onobject storage, in applications likeSharePoint or Jive, other ownClouds, oreven external cloud systems such asDropbox and Google. OpenCloudMeshsyncs data to desktops or mobile apps,making everything available offline,regardless of the source that is beingused.

Planck Institute, Sciebo (NRW),University of Florida, DESY Research,ETH Zürich, the University ofSaskatchewan and Texas A&M."

OOWWNNCCLLOOUUDDThe collaboration in OpenCloudMesh isnot the first that GÉANT has had withownCloud. At the end of 2013, GÉANT’sAmsterdam office (at that time TERENA)secured a discounted price onownCloud software licenses for itsmembers. These licenses enableinstitutions to host their own file sync-and-share, giving IT complete control oftheir data whether using on-premises orcloud storage. It has more than a millionusers worldwide.

Now that there’s a distributedownCloud environment in the NRENspace, the next step is to introduce andfurther develop OpenCloudMesh.

MMOORREE IINNFFOORRMMAATTIIOONNFor more information please visitthe OpenCloudMesh informationpage, where you can fill in a formto find out more about how to joinin this initiative:hhttttppss::////oowwnncclloouudd..ccoomm//llpp//ooppeenncclloouuddmmeesshh//

SERVICES

29

AA DDAATTAA SSEECCUURRIITTYY DDIISSCCUUSSSSIIOONN WWIITTHH CCOODDEE4422AANNDDYY HHAARRDDYY,, MMAANNAAGGIINNGG DDIIRREECCTTOORR FFOORR EEMMEEAA,, CCOODDEE4422 SSEERRVVIICCEESS

created and stored on desktops andlaptops—wherever they go. And we giveIT full visibility of all protected devicesand data in a single dashboard, enablingIT to balance data security and controlwith end-user productivity. ITdepartments get a comprehensivesolution for protecting and managinguser data, and students and staff knowtheir data will always be there when theyneed it. Once user data is protected, IThas control of it and can determine whohad which data and when. This isimportant in the event of a data breachand helps IT departments know when todisclose data loss.

Crucially our offerings give staff andstudents self-service capabilities. Forsuch vast and often disparateorganisations, this is essential inensuring data is protected continuously.We take away the millstone of relying onan over-burdened IT department andmake file backup, restore andsync/share an effortless process.

Code42 is the endpoint dataprotection and security company thatprovides integrated file sharing andbackup for the enterprise. Thecompany’s award-winning products arethe gold standard, trusted by more than35,000 businesses, including the mostrecognized brands and universities inthe world. For more information, visitwwwwww..ccooddee4422..ccoomm or contact salesat hhttttppss::////wwwwww..ccooddee4422..ccoomm//ccoonnttaacctt//.

WWHHAATT IISS CCOODDEE4422’’SSEEXXPPEERRIIEENNCCEE IINN TTHHEEHHIIGGHHEERR EEDDUUCCAATTIIOONNMMAARRKKEETT??Code42 has deep roots in the highereducation market with a client roster ofleading educational institutions all overthe world, including MIT, Harvard, andColumbia Business School. In the UK,we help protect endpoint data forImperial College London, the Universityof Sheffield and Birkbeck College.

Our enterprise file sync and sharecapabilities have met all four of thecriteria for security and compliance laidout by Jisc, the body that delivers digitalsolutions such as the Janet network toeducational institutions throughout theUK. In the US, Code42 is the onlyendpoint protection and security solutionselected for the widely used Internet2NET+ service.

HHOOWW DDOOEESS CCOODDEE4422PPRROOTTEECCTT UUSSEERR DDAATTAAFFOORR RR&&EE??Code42 delivers endpoint dataprotection and file sync/sharecapabilities that give teachers,researchers and students the securityand freedom to focus on their work.We silently, continuously protect files

WWHHYY IISS DDAATTAASSEECCUURRIITTYYIIMMPPOORRTTAANNTT TTOO RR&&EE?? Hardly a day goes by without a mediareport about a data breach that exposesthe personally identifiable information ofindividuals. While much of the newsregarding data breaches focuses on theharm to affected individuals, databreaches also harm the organisationexperiencing the breach. Potential directfinancial costs of a data breach includelegal representation, fines (depending onthe nature of the breach), and theexpense of notifying affected individuals.Organisations also face losses inreputation and consumer confidence.Particularly important for highereducation institutions are reputationalconsequences, which could result in aloss of alumni donations and even areduction in the number of studentschoosing to apply to or attend theinstitution.

IINN TTEERRMMSS OOFFSSEECCUURRIINNGG UUSSEERRDDAATTAA,, IISS TTHHEE RR&&EESSEECCTTOORR DDIIFFFFEERREENNTTFFRROOMM OOTTHHEERRSS??Securing data on bring-your-owndevices in a university setting is differentthan in a corporate environment. Facultyand staff are highly mobile—spendingmuch of their time off campus, awayfrom a secured network connection. Yetthe information that exists on those userdevices is sensitive data, such asstudent grades and accounts, andacademic research—all with a significantneed to be safeguarded from hackersand viruses. As more devices andmobile apps are embraced by users, ITmust find new ways to ensure endpointdata security while allowing business togo on as usual.

NNAAAASS,, SSDDNN AANNDD NNFFVVEECCOOSSYYSSTTEEMM:: WWHHAATT VVIIRRTTUUAALLIISSAATTIIOONN IISS DDOOIINNGGFFOORR FFUUTTUURREE GGÉÉAANNTT NNEETTWWOORRKK SSEERRVVIICCEESS

AAbbssttrraacctt——TThhee vviissiioonn ooff tteelleeccoommmmuunniiccaattiioonnss nneettwwoorrkkiinnggrreeqquuiirreess aaggiillee pprrooggrraammmmaabbiilliittyy aanndd eeffffiicciieenntt iinnttrroodduuccttiioonn ooff nneewwnneettwwoorrkk sseerrvviicceess,, wwiitthh ssyysstteemmss tthhaatt pprroovviiddee ggrreeaatteerrpprrooggrraammmmaabbiilliittyy aanndd fflleexxiibbiilliittyy wwhhiillee rreedduucciinngg oovveerraallllooppeerraattiioonnaall ccoossttss.. TThhiiss rreefflleeccttss aann oovveerraallll tteecchhnnoollooggiiccaall aannddeeccoonnoommiicc ttrraannssffoorrmmaattiioonn ttrreenndd ddeeeeppllyy iimmppaaccttiinngg TTeelleeccoomm aannddIITT iinndduussttrriieess.. AA sshhiifftt iiss ttaakkiinngg ppllaaccee ttoowwaarrddss ssooffttwwaarree ddrriivveennnneettwwoorrkkss,, wwhhiicchh iinncclluuddeess tthhee eeffffoorrttss iinn SSooffttwwaarree--DDeeffiinneeddNNeettwwoorrkkiinngg ((SSDDNN)),, NNeettwwoorrkk FFuunnccttiioonn VViirrttuuaalliizzaattiioonn ((NNFFVV)) aannddNNeettwwoorrkk aass aa SSeerrvviiccee ((NNaaaaSS))..

IInnddeexx TTeerrmmss——NNaaaaSS,, SSDDNN,, NNFFVV,, NNeettwwoorrkk sseerrvviicceess..

II.. NNAAAASS,, SSDDNN AANNDD NNFFVV EECCOOSSYYSSTTEEMM::OONNEE SSTTEEPP BBEEYYOONNDDSDN [1], NaaS [2] and NFV [3] greatly increase automation, optimizationand flexibility for the telecom sector and constitute a key enabler fornetworks carrying both innovative end-user facing and resource-facingservices in several ways:

• Decoupling of network functions from the hardware vendor allows third-party developers to enter the hardware-controlled segment, adding fresh competition from new sources.

• Telecom operators are expected to have greater choice and operational control of network functions to integrate into their equipment, without being locked to a hardware vendor.

• Hardware constraints slow implementation and testing, from hardware vendor and to complex integration at the telecom operator. NFV improves time to market of innovative deployments.

• The NaaS service model tailors network services to customers. It leans on virtualization technologies and integrates SDN technology and NFV developments to deliver, manage and fit out a wider service portfolio, to a wider range of users, than was possible before.

SDN is a flexible intermediate layer between the high-level NFV-based services offered by NaaS and the low-level infrastructure components.Together, these technologies (and their results, such as Management as a Service) will drive novel business opportunities and provide NRENs and their clients with novel services.

IIII.. GGRROOWWTTHH AANNDD VVAALLUUEE AARROOUUNNDDGGÉÉAANNTT SSEERRVVIICCEESS AANNDD SSHHOOWWCCAASSEESSThe value of these approaches is shown in GÉANT, where nationalresearch networks (NRENs) deploy services that must interact with othernetworks elsewhere. Doing so quickly is a challenge, because the existingarchitecture at each site is typically built only with regular IP connectivity in mind.

The value in using these technologies to virtualize the customerconnection comes from the wider range of services that can be deployed;the edge comes under the control of the NREN and can take advantageof multi-domain services from around GÉANT.

This leads, then, to the growth hypothesis for virtualized networks:that once services are more easily available, “network effects” take overand they will gain users at an accelerating rate.

JRA TECHNICAL PAPERS

José Ignacio Aznar, Eduard EscalonaDistributed Applications and Networks Area(DANA), i2cat Foundation, Barcelona, Spain{jose.aznar, eduard.escalona}@i2cat.ne

Dave Wilson, Victor ReijsHEAnet, IFC, Dublin 1, Ireland{dave.wilson, victor.reijs}@heanet.ie

30 CONNECT ISSUE 19 2015

IIIIII.. IIMMMMEEDDIIAATTEE CCHHAALLLLEENNGGEESS AANNDD CCOONNCCLLUUSSIIOONNSSFrom a technical perspective there are key specific missing pieces.NFV/SDN based services development is cumbersome and not yet easyto operationalise with high speed. Much of the process is still a manualand hence slow, and unreliable. And without proper deployment andoperational support tools, the adoption of virtualised services will be slow.

On the operational side, telecoms must be able to rapidly adapt andshift. Software-driven networks introduce a need to deal with a rapidlychanging environment. Likewise, a similar approach in the networkindustry can leverage NFV and hardware independence.

On the user side, it is fundamental to create Real Value proposition:Make an assumption about what will make NaaS, NFV and SDN useful tousers, validate it, and report on the limitations/needs/specificrequirements in NRENs’ facilities. While the user might be interested in thetechnology, they will certainly be interested in the end result.

RREEFFEERREENNCCEESS[1] Software-Defined Networking: The New Norm for Networks".

White paper. Open Networking Foundation. April 13, 2012. [2] "Network Functions Virtualisation— Introductory White Paper".

ETSI. 22 October 2012. [3] GN3plus Milestone MJ2.2.1: “NaaS/NSI/Virtualisation Research

Roadmap”, September 2013.

JRA TECHNICAL PAPERS

VVIITTAAEEMMSScc.. JJoosséé IIggnnaacciioo AAzznnaarr is a project manager at the DANA of thei2CAT Foundation and GN3plus JRA2 Task Leader. He is secretary of theinformation technology group (AEN/CTN71/SC6), of the AENOR SpanishAssociation for Standardization and Normalization body.

DDrr.. EEdduuaarrdd EEssccaalloonnaa is Director of the Distributed Applications andNetworks Area at the i2CAT Foundation. His main research interests arerelated to SDN and control and management of future internetinfrastructures.

DDaavvee WWiillssoonn studied Computer Science at University College Dublinand now works for HEAnet, where he is responsible for the IP network.He is co-chair of the RIPE IPv6 working group, and active in GÉANT.

VViiccttoorr RReeiijjss manages the Network Development department inHEAnet and is actively involved in international activities includingGN3plus, XIFI, Network as a Service (NaaS/SDN), as well as (optical)networking, point-to-point links, virtualisation and monitoring in general.

Figure 1. NaaS-SDN-VFN current ecosystem and foreseen one step beyond

31

32 CONNECT ISSUE 19 2015

AAbbssttrraacctt——TThhiiss aarrttiiccllee ssuummmmaarriizzeess rreessuullttss ooff cclloouudd ssuurrvveeyyccaarrrriieedd oouutt bbyy GGNN33pplluuss aanndd JJRRAA22 TT11 tteeaamm..

II.. IINNTTRROODDUUCCTTIIOONNIncreasing popularity of cloud services as well as new emerging networktechnologies may impose new requirements to the Research andEducation Networks (RENs). To investigate how cloud service provisioningmay influence networks a survey focusing on network requirements as toCloud Computing was constructed and sent to GÉANT (N)RENs; thus thequestionnaire asked primarily on ‘what can the network do for clouds’. Indetail the survey was focused more technically on SDN/NFV[1][2], thenetwork set-up, statically or dynamically configured and their virtualizationand processes, respective used technologies. On cloud computing wefollowed the conventions of NIST[3].

IIII.. RREESSUULLTTSS OOFF TTHHEE SSUURRVVEEYYThe survey feedback is about 20 responses from the (N)REN community.The highlights of the feedback are presented. Signee’s affiliations could bedivided into three categories:

• National Research and Education network • Research organizations and Universities • Others (e.g. private research labs)

Today building cloud services were mostly focused on the RENs’requirements based on national roadmaps with academic ICTs and/ortheir research community as target audience. The feedback showed that57% of all responses provided offerings or consumed cloud services asIaaS and PaaS. Only 10% described offerings/services on SaaS and 13%listed providing/consuming other services. Other services were mostly amix, e.g. VMs with Linux or Windows OSes, firewalling, separate subnetsfor research projects, big data services or providing/consuming individualservices locally or on specific HPCaaS.

JRA TECHNICAL PAPERS

Susanne Naegele-Jackson FAUErlangen, GermanySusanne.Naegele-Jackson@fau.de

Eduard Escalonai2CATBarcelona, Spaineduard.escalona@i2cat.net

Jiří MelnikovCESNETPrague, Czech Republicmelnikov@cesnet.cz

Kurt BaumannSWITCHZurich, Switzerlandkurt.baumann@switch.ch

Miłosz PrzyweckiPoznan Supercomputing and NetworkingCenterPoznan, Polandmprzyw@man.poznan.pl

SSUURRVVEEYY:: NNEETTWWOORRKKAANNDD CCLLOOUUDD CCOOMMPPUUTTIINNGGAA QQUUAALLIITTAATTIIVVEE AANNAALLYYSSIISS

33

Answering the question of the maturity level on Cloud computing wecould summarize it as Building Cloud Competencies (BCCs), instantiatedby national/international projects, initiatives, trials and prototyping,standardization work, and own deployments on institution’s level. As for the specific network requirements when asked about the access toclouds, NRENs’ user relied on dedicated connections, whereas usersoutside the campus network indicated to use the commodity Internet orVPNs. 20% of the respondents noted to have limited bandwidth.

Answering the questions about network configuration, (static vsdynamic), 80% of respondents indicated that they use staticallyconfigured networks; 20% use both. For dynamic configurations mostlyclassic approaches such as VLANs and VPNs were mentioned, but someanswers also listed more advanced technologies such as GÉANT BoD[4],OpenStack Neutron[5], that includes a set of APIs, plug-ins reflecting SDNto the network. The evaluation of the network configuration answersshowed also that today 75% of the NRENs mostly still rely on VLAN fortraffic isolation between tenants; VXLAN (15%) and GRE tunnels (15%)were also listed. Further, some NRENs described technologies like MACaddress space separation, proxy ARP or MPLS configurations.

Looking for expertise in SDN/NFV implementation at the (N)RENs,66% of signees declared familiarity of the terms and implementationforms of SDN and NFV, mostly on research and engineering level; but thesurvey showed too that 30% of respondents are waiting for hardwarebased SDN implementation and are willing to take this into account whenconsidering upgrades of network devices. Up to 60% indicated that theyare currently developing or planning deployment on SDN apps. Howevertoday none of the respondents does allow end-users, students,researchers and staff into the NRENs community to deploy their ownapps.

Answers to the questions as to inter-cloud computing, e.gestablishing of federations, confirmed that approximately 60% ofrespondents actually had experience with inter-cloud computing. On thewish-list NRENs replied that they would prefer hybrid clouds in whichprivate and public cloud services are interconnected but with unifiedmechanisms and automation in place for operating both.

The question about existing cloud service portfolios and future plansof new services showed various trends, the most important ones are:

• TaaS for research/experiments, e.g. video streaming and in-network caching experiments.

JRA TECHNICAL PAPERS

• Cloud services on demand, e.g. VMs and GUIs. This implies orchestration, aggregation and distribution of resources is in a wider scope, OpenStack as an orchestrator is in focus.

• Providing Cloud Storage to the GÉANT community, e.g. on Synnefo Pythos.

• Having a concept of a Cloud FEDERATION, IaaS cloud and Satellite image processing.

IIIIII.. CCOONNCCLLUUSSIIOONNTo support cloud computing network requirements identified in the surveyboth stable and high quality IP network, as well as providing advanced(network) services and testbed services for when it comes to SDNavailability should be assured. Central cloud services brokerage is a goodapproach and open the door to cloud federations. Such services mayleverage efforts to host cloud services within different NRENs' networks ormay integrate national cloud initiatives under a collaborative umbrella. For federations of cloud services, mechanisms for resource planning,federation of credentials and common service portfolios should beinvestigated.

AACCKKNNOOWWLLEEDDGGEEMMEENNTTWe would like to thank Andres Steijaert and Damir Regvart as well as SA7and JRA1T2 teams for their help in preparation of the survey.

RREEFFEERREENNCCEESS[1] SDN, hhttttppss::////wwwwww..ooppeennnneettwwoorrkkiinngg..oorrgg//ssddnn--rreessoouurrcceess//ssddnn--ddeeffiinniittiioonn[2] NFV, Network Functions Virtualisation,

hhttttpp::////wwwwww..eettssii..oorrgg//tteecchhnnoollooggiieess--cclluusstteerrss//tteecchhnnoollooggiieess//nnffvv[3] NIST, Definiton of Cloud computing,

hhttttpp::////ccssrrcc..nniisstt..ggoovv//ppuubblliiccaattiioonnss//nniissttppuubbss//880000--114455//SSPP880000--114455..ppddff[4] GÉANT Bandwidth on demand service,

hhttttpp::////sseerrvviicceess..ggeeaanntt..nneett//bboodd//PPaaggeess//HHoommee..aassppxx[5] OpenStack Neutron,

hhttttpp::////sseeaarrcchhssddnn..tteecchhttaarrggeett..ccoomm//ddeeffiinniittiioonn//OOppeennSSttaacckk--NNeeuuttrroonn

AAbbssttrraacctt——TThhiiss ppaappeerr pprreesseennttss tthhee ccoonncceepptt ooff OOppeenn CClloouuddeeXXcchhaannggee ((OOCCXX)) tthhaatt hhaass bbeeeenn pprrooppoosseedd bbyy tthhee GGNN33pplluussJJRRAA11 ttaasskk22 aaccttiivviittyy ttoo bbrriiddggee tthhee ggaapp bbeettwweeeenn ttwwoo mmaajjoorrccoommppoonneennttss ooff tthhee cclloouudd sseerrvviicceess pprroovviissiioonniinngg iinnffrraassttrruuccttuurree::CClloouudd SSeerrvviiccee PPrroovviiddeerr ((CCSSPP)) iinnffrraassttrruuccttuurree;; aanndd cclloouuddsseerrvviicceess ddeelliivveerryy iinnffrraassttrruuccttuurree wwhhiicchh iinn mmaannyy ccaasseess rreeqquuiirreessddeeddiiccaatteedd llooccaall iinnffrraassttrruuccttuurree aanndd qquuaalliittyy ooff sseerrvviicceess tthhaattccaannnnoott bbee ddeelliivveerreedd bbyy tthhee ppuubblliicc IInntteerrnneett iinnffrraassttrruuccttuurree.. TThhiissddooccuummeennttss aallssoo ddeessccrriibbeess tthhee ffeeaattuurreess aanndd bbeenneeffiittss ooffGGÉÉAANNTT’’ss OOppeenn CClloouudd eeXXcchhaannggee ((ggOOCCXX)) aass aa pprrooppoosseeddaarrcchhiitteeccttuurree ssoolluuttiioonn ttoo rruunn ddaattaa iinntteennssiivvee rreeaall--ttiimmee cclloouuddaapppplliiccaattiioonnss oonn ttoopp ooff GGÉÉAANNTT ttoo aaddddrreessss tthhee ggrroowwiinngg ddeemmaannddffoorr cclloouudd sseerrvviicceess wwiitthhiinn tthhee RR&&EE eennvviirroonnmmeenntt..

IInnddeexx TTeerrmmss——IInntteerrcclloouudd AArrcchhiitteeccttuurree FFrraammeewwoorrkk ((IICCAAFF));; OOppeennCClloouudd eeXXcchhaannggee ((OOCCXX)),, GGÉÉAANNTT OOppeenn CClloouudd eeXXcchhaannggeesseerrvviiccee ((ggOOCCXX)),, IInntteerrcclloouudd FFeeddeerraattiioonnss FFrraammeewwoorrkk,, DDyynnaammiiccTTrruusstt EEssttaabblliisshhmmeenntt..

II.. IINNTTRROODDUUCCTTIIOONNThe continued rise in the use of cloud computing [1, 2] means that thereis also a growing demand for these services in the research andeducation (R&E) environment. This creates new challenges for NationalResearch and Education Networks (NRENs) as additional strain is placedon their networks. A reliable high-performance networking infrastructure istherefore necessary to facilitate the delivery of cloud computing servicesto end-users in the R&E community [3].

In many cases large Cloud Service Providers (CSP) establish a Pointof Presence (POP) for large customers. On the other hand, customerswith distributed campuses are willing to extend their network to one of theCSP’s POP.

The Open Cloud eXchange (OCX) has been proposed by theGN3plus JRA1 activity as a new concept and a new functionalcomponent of the general inter-cloud infrastructure. OCX intends tobridge the gap between the two major components of the cloud servicesinfrastructure: (1) Cloud Service Provider (CSP) infrastructure that typicallyhas a global footprint and is intended to serve the global customercommunity; and (2) cloud services delivery infrastructure which in manycases requires dedicated local infrastructure and quality of services thatcannot be delivered by the public Internet infrastructure.

JRA TECHNICAL PAPERS

Damir RegvartCARNet - Croatian Academic and ResearchNetwork (HR)damir.regvart@carnet.hr

Yuri DemchenkoUniversity of Amsterdam (NL)y.demchenko@uva.nl

Migiel de VosSURFnet (NL)migiel.devos@surfnet.nl

Tasos KaraliotasGRNET (GR)karaliot@noc.grnet.gr

Kurt BaumannSWITCH (CH)kurt.baumann@switch.ch

Daniel ArbelIUCC - Inter University ComputationalCenter (IL)dani@noc.ilan.net.il

Sonja FiliposkaSs. Cyril and Methodius University in Skopje (MK)sonja.filiposka@finki.ukim.mk

34 CONNECT ISSUE 19 2015

OOPPEENN CCLLOOUUDD EEXXCCHHAANNGGEE ((OOCCXX))

IIII.. CCLLOOUUDD UUSSEE CCAASSEESS FFOORRUUNNIIVVEERRSSIITTIIEESS IINNSSTTIITTUUTTIIOONNSS AANNDD NNRREENN’’SSTypical cloud use by universities and research community motivates theneed for dedicated delivery infrastructure for cloud services in order tosupport advanced research and collaboration [4, 5]. In this context theGÉANT/NREN network [6] clearly has great potential to undertake the roleof cloud service delivery network both within the R&E community (foracademic CSPs), and outside it (offering high-performing service deliveryfor public CSPs). In any case, the increase in use of cloud computing inthe R&E environment means that the need for the GÉANT network totake on this role will be inevitable in the near future. A major goal of theTask was therefore to review the status of the network architectures forcloud services delivery and lay down the steps for the future evolution ofthe GÉANT and the NRENs as a composite cloud service deliverynetwork that will offer high dedicated bandwidth and QoS to theirdemanding cloud end users.

With this goal in mind, a fruitful communication was initiated with anumber of CSPs, which in the case of Amazon Web Services (AWS), forexample, resulted in the awarding of the Amazon Educational Grant [7]which has been an important step in the promotion of cloud computingand cloud-ready networks in the GÉANT/NREN R&E community.

Much positive feedback has also been received from Microsoft Azure,CloudSigma, Kentis and Equinix. All of these contacts have establishedthe ground for further strengthening collaborations, especially with theCSPs that have also supported the idea of gOCX and participated in thedemo scenarios.

JRA TECHNICAL PAPERS

IIIIII.. OOPPEENN CCLLOOUUDD EEXXCCHHAANNGGEE ((OOCCXX))AARRCCHHIITTEECCTTUURREEThe OCX architecture is a response to the demand from the R&Ecommunity for federation-based cloud services with high-performanceconnectivity from campus/labs to cloud resources and scientific datasources; referring to the generic Cloud Services Model (CSM) [8].Designed with power cloud users in mind, the main goal of the OCXarchitecture is to provide dedicated infrastructure that will bring togetherthe CSPs and users in an efficient, fast, reliable and cost effective manner,facilitating intercloud computing federations. Please note that, in the restof the text, the term user (or end-user) is used to represent a power clouduser coming from an R&E organization (e.g. group of big data scientistsfrom a research institute) that would like to use one or more integratedcloud services.

gOCX is defined as (shown in Figure 1):• Physical Point of Presence (PoP) for providers and customers • L0-L2 network interconnection facility (optionally also connectivity

with dedicated optical links)• Marketplace that offers:

• a service directory, in which CSPs publish their services and userscan discover and subscribe to services,

• “connectivity as a service” via automatic link provisioning: users can set up connectivity on-demand (which in turn provides short “time-to-market”),

• an SLA Repository and Clearing house;• Trusted Third Party (TTP) that can act as:• Certificate directory that facilitates dynamic federation service

agreements,• Trusted introducer for dynamic trust establishment.

35

Figure 1. OCX interconnection capability and TTP role in establishing dynamic trust relations between OCX members

JRA TECHNICAL PAPERS

36 CONNECT ISSUE 19 2015

When deployed on top of the GÉANT/NREN network (see Figure 2), thegOCX, as defined above, involves a hierarchical distributed system withOCX instances in multiple NRENs, and one or several OCX instances atthe level of the GÉANT network, which are used not only for connectingCSPs, but also for orchestration and performance purposes. GÉANTOpen Exchanges [9] can easily add the role of OCX instance. Thephysical placement of the OCX instances is mainly determined by thegeographical closeness to cloud users and providers in relation to thenumber of willing parties (CSPs or users) to connect in that area. Thismeans that any NREN close to the physical location(s) of one or moreCSPs could host an OCX instance to which a given CSPs could connectusing a direct L0-L2 connection. Once a CSP is connected to at least oneOCX, the services it offers can be used by the whole GÉANT/NRENcommunity via the same OCX instance (for local users) or a different one(for remote users), depending on availability of necessary resources (portsand bandwidth). Actual network usage is subject to policy restrictionsdefined by GÉANT as applicable at the time.The proposed OCX architecture and service model is built uponsuccessful services like Internet Exchange (IX) [10] for general Internettraffic exchange and GOLE (GLIF Open Lightpath Exchange) [11] thatprovides lightpath interconnection service.

IIVV.. OOCCXX DDEESSIIGGNN VVAALLIIDDAATTIIOONNIn order to test the implementation of the gOCX design for power useruse cases the Task started with the organisation and deployment of thedemo scenarios. These demo scenarios also helped to obtain increasedunderstanding of the necessary steps that need to be defined and furtherautomated within gOCX, as well as of any possible difficulties and sideissues that might have been overlooked. The main aim of developing thedemo scenarios was to start early-stage negotiations with different CSPsso as to obtain valuable feedback which would enable the Task to assesstheir interest in collaborating on the gOCX proposal.

AA.. DDeemmoo sscceennaarriioo II:: TTeerreennaa NNeettwwoorrkk CCoonnffeerreennccee22001144In order to create a proof of concept demo that will highlight the benefitsof using gOCX, a simple test scenario was defined and presented in realtime at the TERENA Networking Conference, in 2014 [12]. The aim of theproof of concept is to present how the gOCX solution can provide areusable network infrastructure that will deliver guaranteed QoScompared to the public Internet best effort connection alternative.

The demo scenario was defined as follows: two institutions (A and B)would like to combine and edit several, locally available, HD videostreams. Two separately provided video streams are to be combined intoa single HD video stream using a cloud IaaS and storage provider[Okeanos]. The single combined stream is edited using imagemanipulation software available from a different CSP [CloudSigma]. Thevideo data located at the University of Amsterdam (UvA) is transferred toand from the computing resources demanded from Okeanos [13] andCloudSigma via the direct connections established using the OCXinstances. The resulting video is then sent to both participating institutions(clients).

BB.. DDeemmoo sscceennaarriioo IIII:: SSuuppeerrccoommppuuttiinngg CCoonnffeerreennccee 22001144 aanndd HHeelliixx--nneebbuullaa 22001144 aasssseemmbbllyyThe second demo scenario is an extension of the proof of conceptintended to introduce more participants in the demonstration. Theextended demo scenario involves multiple cloud service users fromacademic institutions that are connected to GÉANT via different NRENs.Most of the users have opted for gOCX to benefit from a joint service frommultiple CSPs, while one uses the traditional approach (commodityInternet instead of the direct L0-L2 connections provided by the OCXinfrastructure) so as to enable a qualitative and quantitative comparison ofboth approaches to be carried out. The demo scenario and its resultswere presented live at the Super Computing conference SC2014 in the USA.

Figure 2. OCX instances deployed in NRENs and GÉANT connected to main stakeholders

JRA TECHNICAL PAPERS

37

The task to be completed in this demo scenario was ultraHD VideoEditing and Streaming. Several institutions (University of Amsterdam(UvA), the Croatian NREN (CARNet) and the NREN from Israel (IUCC)collaborate on efficient transcoding and streaming of 4K movies stored atUvA. In the extended version the resource pool is enlarged with a numberof new CSPs. To transcode the vast amount of data, a number of VMsare spawned at Okeanos via GRNET OCX, at Cloud Sigma via SWITCHOCX, and at Kentis via NetherLight-SURFnet.

As shown in Figure 3, UvA and CARNet are connected to their localOCX instances, which enable them to easily gain direct access to thenecessary cloud resources via high-performance dedicated network links.On the other hand, the IUCC demonstrates the traditional approach byconnecting via the standard Internet at the closest GÉANT PoP, whileaccessing cloud services via GRE tunnelling.

Additionally, on-demand networking using an OGF NSI (Network ServiceInterface) connection service has been implemented by the CSP Kentis.The service enables on-demand connectivity between Kentis and otherNSI-enabled users and CSPs. In the demo, UvA uses the API provided byKentis to set up dedicated paths via NetherLight’s OCX that connect VMsspawned at Kentis to the UvA network, creating a network extension.

VV.. CCOONNCCLLUUSSIIOONNThe expansion of cloud computing services demands that the NRENsand GÉANT adapt their networks and services offer portfolios to includecloud-ready networks that offer high-level cloud services to their endusers. To further this goal, the JRA1 task 2 team proposes that a gOCXarchitecture be adopted as to provide a cloud-based collaborativeinfrastructure to support new emerging data-intensive research domainsand applications. The hierarchical structure of OCX points will enabledirect, on-demand connectivity between users and CSPs, providingdedicated bandwidth and the needed QoS and solving the last mile issues.

The gOCX architecture presented here can be extended [14, 15] tobring more benefits in the future, such as: offloading traffic which could leadto lowering costs of Internet traffic, the provision of TTP services througheduGAIN, and a broker service/marketplace which will allow the R&Ecommunity to choose from a broad range of cloud services that guaranteenetwork service levels while maintaining logical separation from the Internet.

RREEFFEERREENNCCEESS[1] NIST SP 800-145, “A NIST definition of cloud computing”, [online]

hhttttpp::////ccssrrcc..nniisstt..ggoovv//ppuubblliiccaattiioonnss//nniissttppuubbss//880000--114455//SSPP880000--114455..ppddff[2] NIST SP 500-292, Cloud Computing Reference Architecture, v1.0.

[Online] hhttttpp::////ccoollllaabboorraattee..nniisstt..ggoovv//ttwwiikkii--cclloouudd--ccoommppuuttiinngg//ppuubb//CClloouuddCCoommppuuttiinngg//RReeffeerreenncceeAArrcchhiitteeccttuurreeTTaaxxoonnoommyy//NNIISSTT__SSPP__550000--229922__--__009900661111..ppddff

[3] The Adoption of Cloud Services. TERENA. ASPIRE Report, September 2012. [Online]hhttttpp::////wwwwww..tteerreennaa..oorrgg//ppuubblliiccaattiioonnss//ffiilleess//AASSPPIIRREE%%2200TThhee%%2200AAddooppttiioonn%%2200ooff%%2200CClloouudd%%2200SSeerrvviicceess..ppddff

[4] Demchenko, Y., C.Ngo, M.Makkes, R.Strijkers, C. de Laat, Intercloud Architecture for Interoperability and Integration. Proc. The 4th IEEE Conf. on Cloud Computing Technologies and Science (CloudCom2012), 3 - 6 December 2012, Taiwan. IEEE Catalog Number: CFP12CLU-USB. ISBN: 978-1-4673-4509-5

[5] Demchenko, Y., C.Ngo, C. de Laat, J.A.Garcia-Espin, S.Figuerola, J.Rodriguez, L.Contreras, G.Landi, N.Ciulli, Intercloud Architecture Framework for Heterogeneous Cloud based Infrastructure Services Provisioning On-Demand. The 2nd Intl Workshop on inter-Clouds and Collective Intelligence (iCCI-2013). The 27th IEEE International Conference on Advanced Information Networking and Applications (AINA2013). 25-28 March 2013. ISBN-13: 978-0-7695-4953-8.

[6] GÉANT Project. [Online] hhttttpp::////wwwwww..ggeeaanntt..nneett//ppaaggeess//hhoommee..aassppxx[7] AWS, "Amazon Web Services (AWS) educational grant" [Online]

hhttttpp::////aawwss..aammaazzoonn..ccoomm//ggrraannttss//[8] IETF draft, B. Khasnabish, J. Chu, S. Ma, N. So, P. Unbehagen, M.

Morrow, M. Hasan, Y. Demchenko, Y. Meng, "Cloud Reference Framework" [Online] hhttttppss::////ddaattaattrraacckkeerr..iieettff..oorrgg//ddoocc//ddrraafftt--kkhhaassnnaabbiisshh--cclloouudd--rreeffeerreennccee--ffrraammeewwoorrkk//??iinncclluuddee__tteexxtt==11

[9] GEANTOpen, "GEANT Open PoP" [Online] hhttttpp::////wwwwww..ggeeaanntt..nneett//SSeerrvviicceess//CCoonnnneeccttiivviittyySSeerrvviicceess//DDooccuummeennttss//GGEEAANNTT%%2200OOppeenn%%2200MMSSAA..ppddff

[10] Promoting the Use of Internet Exchange Points: A Guide to Policy, Management, and Technical Issues, FInternet Society Report. 14 May 2009, [Online] hhttttpp::////wwwwww..iinntteerrnneettssoocciieettyy..oorrgg//pprroommoottiinngg--uussee--iinntteerrnneett--eexxcchhaannggee--ppooiinnttss--gguuiiddee--ppoolliiccyy--mmaannaaggeemmeenntt--aanndd--tteecchhnniiccaall--iissssuueess

[11] The GLIF “Automated GOLE Pilot” Project. [Online] hhttttpp::////ssttaaffff..sscciieennccee..uuvvaa..nnll//~~ddeellaaaatt//sscc//sscc1100//GGLLIIFFAAuuttoommaatteeddGGOOLLEEPPiilloott..SSCC..ppddff

[12] TNC2014, Yuri Demchenko, Migiel de Vos, Damir Regvart, Sonja Filiposka, Tasos Karaliotas, Alex Mavrin, Kurt Baumann, Daniel Arbel, Tony Breach, Jeroen van der Ham, Cees de Laat, Taras Matselyukh, Eduard Escalona, Open Cloud eXchange (OCX): Bringing Cloud Services to NRENs and Universities, Terena Network Conference (TNC2014), 19-22 May 2014, Dublin, Ireland. ISBN 978-90-77559-24-6.

[13] Okeanos, GRNET's cloud service [Online] hhttttppss::////ookkeeaannooss..ggrrnneett..ggrr//aabboouutt//wwhhaatt//

[14] Ngo, C., Y.Demchenko, C. de Laat, Toward a Dynamic Trust Establishment Approach for Multi-provider Intercloud Environment, The 4th IEEE Conf. on Cloud Computing Technologies and Science (CloudCom2012), 3 - 6 December 2012, Taipei, Taiwan

[15] Membrey, P., K.C.C.Chan, C.Ngo, Y.Demchenko, C. de Laat, Trusted Virtual Infrastructure Bootstrapping for On Demand Services.The 7th International Conference on Availability, Reliability and Security (AReS 2012), 20-24 August 2012, Prague.

Figure 3. SC14 demo scenario II

II.. IINNTTRROODDUUCCTTIIOONNIn the future, the NRENs face a number of requirements from user,technology and cost perspectives. The work in GN3plus JRA1 Task 1 hasfocused on these requirements and has focused on integrating the keyfindings from all other tasks including Open Calls in JRA1 in the quest fora viable solution. The users today are everywhere and they expect 24/7access to their data with an acceptable quality. This boosts the demandsfor fixed and mobile cloud services, which again places severerequirements on the way the future network is equipped and managed. Inaddition, the NRENs are typically faced with cost reduction demands, andsuch different requirements call for a new network architecture which inparticular takes federated use of resources into consideration. This workinvestigates requirements to the future network architecture and providesa set of guidelines useful for NREN operator. The framework of the workis shown in Fig. 1.

IIII.. RREEQQUUIIRREEMMEENNTTSS TTOO FFUUTTUURREENNEETTWWOORRKK AARRCCHHIITTEECCTTUURREESSThe collection of requirements towards future architectures is based ongeneral literature, work in related GN3plus JRA1 tasks [GN3p-JRA1-T3,GN3p-JRA1-T2] and key results European projects CONTENT[CONTENT], BonFire [BONFIRE], and GEYSERS [TZA-2014]. Therequirement analysis reveals that the current network technologies andarchitecture cannot offer the fully dynamic and flexible transport servicesneeded for the future service orchestration; a service orchestration whichshould include both IT and network infrastructure resources. In addition,new technologies emerge for very high bandwidth, and the ability tounderstand and manage these technologies should be supported. Fromthe cloud perspective, it is needed to provide the infrastructure to supportGEANT Open Cloud Exchanges (gOCX) and further for cost reductionpurposes implementing Open Exchange Points.

IIIIII.. TTEECCHHNNOOLLOOGGIIEESS TTOOWWAARRDDSSFFEEDDEERRAATTEEDD UUSSEEThe GN3plus JRA1 Task has collaborated closely with the two Open Callprojects REACTION [REACTION] and MOMoT [MOMOT] which deal withthe optical spectrum from bandwidth improvement and alien waveaspects, respectively. The joint work has resulted in an improvedunderstanding of the spectral impact of different modulation schemes andAlien Waves, which is highly needed for utilising the spectrum for ultra-high bandwidth and federated use of spectral resources. Also, the workprovides a survey on the common techniques for increasing bit ratesincluding sophisticated modulation schemes and super channels.Possible models for the set of technologies typically available at an NRENare shown in Common technology mapping. And the models arecompared to vendor roadmaps. This provides an overview of the basichandles and tools available for NRENs; understanding these handles isthe key to identify possibilities for cost saving federations.

When the traditional TDM technologies in the WAN are replaced withEthernet, the intrinsic timing reference is no longer available. This calls foralternative technologies to ensure the time synchronisation between

JRA TECHNICAL PAPERS

Henrik WessingTechnical University of Denmark (DK)hewe@fotonik.dtu.dk, +4545253804

Kurosh BozorgebrahimiUNINETT (NO)kurosh@uninett.no

Anna TzanakakiUniversity of Bristol (UK)at12368@bristol.ac.uk

Susanne Naegele-JacksonUniversity of Erlangen-Nuremberg (DE)Susanne.Naegele-Jackson@fau.de

Victor OliferJisc Technologies (UK)Victor.Olifer@jisc.ac.uk

Andreas MetzInstitut für Rundfunktechnik (DE)metz@irt.de

Josef Vojtech and Pavel SkodaCESNET (CZ){josef.vojtech|pavel.skoda}@cesnet.cz

Bartosz BelterPSNC - Poznan Supercomputing and NetworkingCenrter (PL)bartosz.belter@man.poznan.pl

FFUUTTUURREE NNEETTWWOORRKKAARRCCHHIITTEECCTTUURREESS

38 CONNECT ISSUE 19 2015

AAbbssttrraacctt——TThhiiss ssttuuddyy iiddeennttiiffiieess kkeeyy rreeqquuiirreemmeennttss ffoorr NNRREENNssttoowwaarrddss ffuuttuurree nneettwwoorrkk aarrcchhiitteeccttuurreess tthhaatt bbeeccoommee aappppaarreenntt aassuusseerrss bbeeccoommee mmoorree mmoobbiillee aanndd hhaavvee iinnccrreeaasseedd eexxppeeccttaattiioonnssiinn tteerrmmss ooff aavvaaiillaabbiilliittyy ooff ddaattaa.. IInn aaddddiittiioonn,, ccoosstt ssaavviinnggrreeqquuiirreemmeennttss ccaallll ffoorr ffeeddeerraatteedd uussee ooff,, iinn ppaarrttiiccuullaarr,, tthhee ooppttiiccaall ssppeeccttrraall rreessoouurrcceess..

IInnddeexx TTeerrmmss——CClloouudd sseerrvviicceess,, ffeeddeerraattiioonnss,, nneettwwoorrkkaarrcchhiitteeccttuurree,, aalliieenn wwaavveess,, ttiimmee ssyynncchhrroonniissaattiioonn,, OOppeenn eexxcchhaannggeess..

services in the NREN environment. In the work, technologies have beenevaluated for providing synchronisation in the sub ps and ns scales.Specifically, experimental evaluation of PTP for providing synchronisationbetween Nuremberg and Munich over a packet switched network hasbeen conducted with successful results for normal network conditions.Also timing stability necessary for comparison of atomic clocks has beenachieved relying on regular alien waves within two DWDM systems [VOJ-2014].

IIVV.. SSUUGGGGEESSTTEEDD AARRCCHHIITTEECCTTUURREEKnowing the emerging technologies and the tools available at the NREN itis possible to sketch a network architecture supporting the future need forcloud computing, mobile access and seamless provisioning of networkresources and Zero Touch Connectivity. The suggested networkarchitecture is shown in : Suggested Network Architecture

The Physical Infrastructure Layer is multi domain, and comprises veryheterogeneous technologies. The basic elements that can bemanipulated are among others fibres, lambdas, spectrum, ODUs,Ethernet, exchanges points, computational and storage resources. Theset of technologies depends on the given NREN and a keyrecommendation is to identify which of these resources are suitable forfederated use.

The Physical Infrastructure Management is responsible for providingmanagement of physical resources and enabling capabilities such assharing resources. A key challenge is a unified description of the physicalresources needed for scaled integrated provisioning.

The Control and Service Orchestration layers are responsible for theservice provisioning and orchestration of IT and network resources. A number of relevant technical solutions have been investigated andproposed for a variety of scenarios spanning from multi-layer architecturesup to procedures, protocols and interfaces allowing integrated workflowsto support delivery and operation of joint cloud and network services. It is

JRA TECHNICAL PAPERS

recommended to implement unified management in the network andintegrate existing solutions with available Open Source managementplatforms.

VV.. CCOONNCCLLUUSSIIOONNSSThe mobility of NREN users and the requirement to always access data inthe cloud identified new requirements towards network infrastructures.This work has addressed these new challenges by investigating therequirements to come up with guidelines for the NRENs for their futurenetwork architectures. The technology enablers for realising this, e.g,bringing the networks beyond 100G have been addressed, and a newmodular network architecture has been derived.

RREEFFEERREENNCCEESS[BONFIRE] hhttttpp::////wwwwww..bboonnffiirree--pprroojjeecctt..eeuu//[TZA-2014] A. Tzanakaki et al, “GEYSERS Planning of Dynamic Virtual

Optical Cloud Infrastructures: The GEYSERS Approach”, IEEE Communications Magazine, January 2014

[CONTENT] hhttttpp::////ccoonntteenntt--ffpp77..eeuu//[GN3p-JRA1-T2] D. Regvart, Y. Demchenko, S. Filiposka, M. de Vos, T.

Karaliotas, K. Baumann, D. Arbel, “Network Architectures for Cloud Services White Paper”, MS101 (MJ1.2.1), GÉANT, March 2014

[GN3p-JRA1-T3] R. Tuminauskas, C. Tziouvaras, F. Panken, H. Yu, M. Garstka, Nicholas Garnier, Zbigniew Ołtuszyk, “Network architecture for aggregating high-speed mobile networking”, MS102 (MJ1.3.1) White Paper, GÉANT, March 2014

[MOMOT] Martin N. Petersen (DTU), Nicola Sambo (CNIT), Andrea Sgambelluri, (CNIT), Anna M. Fagertun (DTU), “Open Call Deliverable for MOMoT (Multi-Domain Optical Modelling Tool) D1.1 Final project report”

[REACTION] Filippo Cugini et al., Open Call Deliverable REACTION DN1.1: REACTION Project: final report

[VOJ-2014] Vojtech. J. et al, Fibre spectrum sharing for R&D Networks, 8th CEF networks workshop 2014, hhttttpp::////wwwwww..cceessnneett..cczz//wwppccoonntteenntt//uuppllooaaddss//22001144//0099//FFiibbrree__ssppeeccttrruumm__sshhaarriinngg__ffoorr__RRDD__NNeettwwoorrkkss..ppddff

39

Fig 1. Framework and motivators for the work

Fig 3. Suggested Network Architecture

Fig 2. Common technology mapping

AAbbssttrraacctt——TThhee ccoommmmuunniittyy ddeemmaannddss sseeaammlleessss aacccceesssspprrooppoossaall iinntteeggrraatteedd aaccrroossss tteecchhnnoollooggiieess aanndd tthhuuss eexxtteennddiinnggtthhee ccoonnffiinneess ooff uunniivveerrssiittyy pprreemmiisseess.. TThhee ttaasskk hhaass iiddeennttiiffiieeddnneettwwoorrkk tteecchhnnoollooggyy eennaabblleerrss ttoo aacchhiieevvee tthhiiss iinn tthhee RR&&EEeennvviirroonnmmeenntt.. TThhee ppaappeerr oouuttlliinneess tthhrreeee mmaaiinn ddiirreeccttiioonnss oofftteecchhnnoollooggyy rreesseeaarrcchh aanndd pprroottoottyyppiinngg ffuuttuurree wwiirree--ffrreeee wwoorrlldd..

II.. IINNTTRROODDUUCCTTIIOONNThe industry proposal for Horizon 2020 network architecture [1] considersthe possibility that one trillion devices will be connected in Europe alone.The uptake of WiFi and introduction of 4G has increased the interest inthe mobile learning concept [2]. The network architectures for theaggregation of high-speed mobile and wireless networking are becomingan important enabler of contemporary R&E activities.

Deployment of eduroam forms a firm ground for further involvementinto the mobile/WiFi architectures. Novel architectures are aimed toimprove the experience to match the demand. The task has identified twokey elements to improve:

1. seamless roaming in the extended heterogeneous radio access environments, and

2. expansion of the footprint of eduroam access.

IIII.. RROOAAMMIINNGG AANNDD HHRRAANNIntegrating different wireless access technologies to provide users withdata services will result in the creation of a heterogeneous radio accessnetwork (HRAN), e.g. Wi-Fi and cellular networks operated by the sameentity to provide data services to its users. Moving from one wirelessnetwork to another can cause traffic to restart on a new interface on theUE. Current industrial solutions [3] address the UE handover within anetwork operated by a single entity (operator). Owning a mobile networkcode is an important prerequisite to become Mobile Virtual NetworkOperator. Obtaining one, however, requires offering a public ICT service.Since many NRENs offer service to a closed community, a mobilenetwork code cannot be obtained and hence NRENs are forced to lookfor alternatives to integrate Wi-Fi and cellular networks.

However, the reality of the R&E community is more complex than thatpresented by the homogeneous operation of a single-provider network.The close geographical proximity of different wireless technology domainsoperated by different entities is the common situation.

JRA TECHNICAL PAPERS

Chrysostomos Tziouvaras GRNETAthens, Greecetziou@grnet.gr

Frans Panken SURFNetUtrecht, Netherlandsfrans.panken@surf.net

Hao Yu Dept. of photonics Danmarks Tekniske Universitet (DTU)Lyngby, Denmarkhaoyu@fotonik.dtu.dk

Nicholas Garnier GIP RENATERParis, Francenicholas.garnier@renater.fr

Raimundas Tuminauskas IT department Kauno technologijos universitetas (KTU)Kaunas, Lithuaniaraimundas.tuminauskas@ktu.lt

Marcin Garstka, Zbigniew Ołtuszyk Poznan Supercomputing and NetworkingCenter, PSNCPoznan, Polandmarcinga@man.poznan.pl,

NNRREENNSS IINN TTHHEE WWIIRREE--FFRREEEE WWOORRLLDD““NNEETTWWOORRKK AARRCCHHIITTEECCTTUURREESS FFOORR AAGGGGRREEGGAATTIINNGGHHIIGGHH--SSPPEEEEDD WWIIRREELLEESSSS//MMOOBBIILLEE NNEETTWWOORRKKIINNGG””

40 CONNECT ISSUE 19 2015

The proposed solution for vertical handover aims at making thehandover process transparent and fast so that the UE does not have toperform any complex algorithm or application restart. The proposedmethodology utilizes the SDN approach to implement Proxy Mobile IPv6[4] protocol extensions for cooperation between the WLAN domain andthe Evolved Packet Core (EPC) in the cellular domain.

The data path characteristics may be optimized by establishingphysical connections between LMAs of adjacent providers.

The idea promoted to solve the multi-domain handover problemrequires new areas to be evaluated and developed, so the modeling andsimulation work is preferred at this stage. A model for the signaling pathhas been built in OPNET Modeler to evaluate the complexity of theprotocol.

IIIIII.. EEXXPPAANNSSIIOONN OOFF EEDDUURROOAAMMFFOOOOTTPPRRIINNTTA. eduroam in the public areas

eduroam has already established its success, with a constantlygrowing number of connected sites and a large number of researchersand students using eduroam for their specific research needs as well assimply to gain Internet access. eduroam is available in most R&Einstitutions in the EU and many outside the EU. eduroam is usuallyavailable in the areas covered by the Wi-Fi networks of the participatinginstitutions – mainly university campuses. The idea for expanding theeduroam coverage beyond campuses is to use WiFi infrastructuresbelonging to other providers as access networks for eduroam. It isexpected that WiFi providers who provide their services for free (likemunicipalities, conference centres, transportation hubs, etc.) should notbe opposed to introducing the eduroam SSID in their infrastructures,while providers of commercial services will require more advancedbusiness cases.

There are some working examples of eduroam in non-campusinfrastructures, including city centres, airports and R&E community eventsthat support the idea of expanding eduroam outside campuses.

B. WaaSAs a consequence of the popularity and growth of Wi-Fi, the

operational overhead to maintain and manage a Wi-Fi environment hasbecome considerable for institutions. Furthermore, the Wi-Fi networkneeds upgrades rather frequently as a result of demand for flexibility,functionality and capacity. At one hand institutions rely on a good properfunctioning Wi-Fi network whereas at the other hand they increasingfocus on their core business. Combining the two trends, institutions maysoon lack the resources and knowledge to purchase and/or install andmaintain a Wi-Fi service. As the NREN is the institute’s collaborationorganisation which has proven itself by delivering a reliable internetconnectivity, their service can be extended by offering deliver Wi-Fi as a service (WaaS).

WWaaaaSS aarrcchhiitteeccttuurree uusseedd iinn ppiilloott iimmpplleemmeennttaattiioonnWaaS builds upon current existing models as cloud-controlled and cloud-managed Wi-Fi networks. The Wi-Fi components at the variousinstitutions must be managed from a central location. All sites will havecommon radio planning and installation methodology and operate on thesame hardware. The basis of the WaaS-architecture is that the Wi-Fiaccess points can be easily connected to the NREN’s infrastructure viathe Local Area Network of each institution.

JRA TECHNICAL PAPERS

IIVV.. CCOONNCCLLUUSSIIOONNSSThe performed simulation of PMIPv6 [4] extensions has shown that:

• It is possible to achieve seamless handover between different operators.

• The data path in this case mandates sufficient network connectivity between operators to support data flow to the home MA.

• SDNs have evaluated as a signaling technology. SDN and OpenFlowtechnology framework is not yet mature enough to support required functionality of interworking between administrative domains (operators).

eduroam service take-up in Poznan indicate that the ultimate feasibility ofsuch service. It can be provided by NRENs but there are cases of localuniversities extending their eduroam coverage into the public areas.

NNuummbbeerr ooff eedduurrooaamm uusseerr aauutthheennttiiccaattiioonnss iinn tthhee PPoozznnaann mmuunniicciippaall nneettwwoorrkkThe PoC implementation of WaaS show that such service is feasible forR&E institutions. The implementation phase revealed important steps likequality of access that have to be taken into the account while planningand implementing it.

The results of the study show that the community formed of theNRENs and GÉANT possesses the capabilities and is in the position toprovide a fundamental contribution to the expansion of the connectivity.

The WiFi and mobile service offering of GÉANT and the NRENsdirectly to individual R&E community members diffuses the establishedorganizational boundaries of R&E networking. NRENs are relying oncampus networks to provide the underlying infrastructure needed to offerWaaS, or offload public area traffic at the aggregation level. The federateduse of network resources should be adopted by the community tofacilitate operation of both local and centralized services on the samephysical infrastructure. Wi-Fi and mobile (2G/3G/4G) servicescomplement one another.

RREEFFEERREENNCCEESS[5] Horizon 2020 Advanced 5G Network Infrastructure for Future

Internet PPP Industry Proposal (Draft Version 2.1) (hhttttpp::////wwwwww..nneettwwoorrkkss--eettpp..eeuu//ffiilleeaaddmmiinn//uusseerr__uuppllooaadd//HHoommee//ddrraafftt--PPPPPP--pprrooppoossaall..ppddff)

[6] Lung-Hsiang Wong “A learner-centric view of mobile seamless learning”, British Journal of Educational Technology; Volume 43, Issue 1, pages E19–E23, January 2012.

[7] Rastin Pries, Dirk Staehle, Phuoc Tran-Gia, Thorsten Gutbrod “A Seamless Vertical Handover Approach” ,EuroNGI network of excellence, wwwwww33..iinnffoorrmmaattiikk..uunnii--wwuueerrzzbbuurrgg..ddee.

[8] Proxy Mobile IPv6 (PMIPv6) [RFC5213] and probably to IRTF “Proxy Mobile IPv6 (PMIPv6) Localized Routing Problem Statement” hhttttppss::////ttoooollss..iieettff..oorrgg//hhttmmll//rrffcc66227799.

41

42 CONNECT ISSUE 19 2015

COMMUNITY NEWS

What’s theimportance ofstandards? Guy: Standards are the cornerstone oftechnology development. Standardsallow the community to get together toagree a common approach to solvingtechnical challenges. The Internet isbuilt around standards developed inITU, IEEE, and IETF among others.These standards remove risk forequipment vendors and networkproviders – an IETF Standards-TrackRFC provides a commonly agreedmethod (such as a protocol) that allowsvendors’ equipment to interoperate.

The importance of standards ishighlighted when they go wrong. Forexample when the market place is splitby competing standards (Betamax vs.VHS) or standards are over-engineeredATM (Asynchronous Transfer Mode).But when we get standards right theyare technology enablers, and as acommunity GÉANT needs to beactively engaged in the standardsdevelopment to enable the innovativenew services for our community.

How are standardsmaking a differencein the R&Ecommunity?Guy: One of the greatest achievementsin European R&E networking has beenthe invention of the World Wide Web.One of the lessons to be learnt from thewww is that a great idea needs to bestandardized if it is to endure anddevelop. It you get this right, there isalmost no limit to the reach a protocolcan achieve. The new services we aredeveloping in GÉANT must be part of a

community effort to thrive. This meansthe community must agree a commonapproach which is formalized, either instandards or via de-facto standards suchas open-source code developments.

Can you give anexample ofsuccessful GÉANTengagement instandardsdevelopment? Richard: GÉANT operates the Wi-Firoaming consortium eduroam inEurope. Eduroam has tens ofthousands of hotspots and millions ofend users and is making use of the "Wi-Fi Certified" label as criterion for itsequipment. GÉANT has been active inthe Wi-Fi Alliance to influence Hotspot2.0 to ensure that it is eduroamcompatible.

Can standards drive new GÉANTservices?Guy: Yes, the Network ServicesInterface (NSI) standard that has beendeveloped in the Open Grid Forumwww.ogf.org is a good example of howthe NREN community can drive newtechnologies through standardization.Across the world there are many localdynamic circuit services, however thesehave been built around proprietary orregional protocols. NSI has broughttogether many NRENs from the US,Europe and East Asia to build aconsensus standard. NSI is a webservice based protocol that allowsglobal dynamic circuits to benegotiated.

How does GÉANT’sinnovationprogramme impactstandards? Richard: Three IETF Internet draftshave come out of the GÉANT Open Callprogram as well as one OGF draft.These contributions have helpedsupport GÉANT’s service portfolio. Forexample the SENSE project hasdefined an Extensible AuthenticationProtocol (EAP) configuration fileformat that enables your mobile deviceto set up authentication parameters inan automated way on multipleplatforms.

PictureGuy Roberts,Senior TransportNetworkArchitect,GÉANT

Q&AWITH GUY ROBERTS ANDRICHARD HUGH-JONES:STANDARDS IN GÉANT

43

COMMUNITY NEWS

OVER 100 GBPS TOBRIDGE ITALY’S DIGITALDIVIDE: THE GARR FIBEROPTIC NETWORKIn just two years, the GARR-X

Progress project has built aninfrastructure to extend andenhance GARR’s research and

education network. The project issupported by the Ministry ofEducation, University and Research,and aims not only to reduce the digitaldivide, but also to convert some Italianregions into real innovationlaboratories. Funded with EUR 46.5million with 5.5 million dedicated to

connecting schools, GARR-X Progresstargeted Italy’s Regions ofConvergence, where the Europeanindicators on competitiveness andtechnological innovation are below theEU average, considering that theregular use of the Internet is around40% while the objectives of theEuropean Digital Agenda are set at75%. Thanks to the project, currentlySouthern Italy has a digitalinfrastructure more advanced than the

rest of the country, with a backbone ofabout 4000 km with a transmissioncapacity at 100 Gbps and up to severalTerabits, highly distributed across4000 km and 24 Points of Presence(PoP) (restructured and strengthenedto host the new network equipmentprovided by the project) and a newdistributed computing and storageenvironment of 8,448 virtual CPUswith capacity of 10PB.

PictureClaudia Battista,ProjectCoordinator,GARR

44 CONNECT ISSUE 19 2015

COMMUNITY NEWS

There are hundreds of locationsinvolved, including universities,schools, research centers, academies,conservatories, biomedical researchinstitutes and cultural institutions(including museums, archives andlibraries) that will benefit from anetwork access up to 10 Gbps, bringingaggregate capacity to over 400 Gbps,which is more than four times thecurrent value, and serving about500000 users among researchers,teachers and students. Finally, theproject also provides training courseson the use, enhancement anddevelopment of digital infrastructuresfor different users.

We spoke to Claudia Battista,project coordinator.

GARR-X Progress isa very ambitiousproject realized in avery short time ... Exactly. GARR-X Progress hasachieved something really concrete forSouthern Italy with GARR fullyinvolved to deliver important results.We set ourselves some ambitious goals,making the most of all the experiencewe gained in the deployment of the firstfiber optic network, GARR-X, settingup a highly efficient organizationalmachine and building an infrastructuresimilar to GARR-X in terms of size andcomplexity in half the time comparedto the original effort. We started withthe planning of the infrastructure,proceeding then with the adaptationand setup of Points of Presence, thedelivery of fibers, the activation of thetransmission and IP / MPLS networkequipment, and the installation ofhardware and software for thecomputing and storage infrastructure.

What technologiesdid you use?For the equipment of the transmissionnetwork, the public tender was won bythe innovative Infinera "IntelligentTransport Network" technology, whichcan support multi-terabit opticaltransmissions. The technologicalsolution we chose is also adopted bythe GÉANT network and ischaracterized by the use of so-calledsuper channels capable of carrying on asingle pair of long distance opticalfibers a capacity of 500 Gbps (up to anaggregate of 8 Tbps) and deliverservices from 40 to 100 Gbps.

We purchased routers intechnological continuity with of theGARR-X ones: Juniper MX960 andMX480 updated with networkinterfaces at 40/100 Gbps, which allowthe creation of a ring at 100 Gbpsbetween the 4 core points of presenceof Naples, Bari, Catania and Palermo,and the creation of links from 10 to 40Gbps for the other aggregation PoPs.

A distributed computing andstorage infrastructure has beenimplemented on five sites, which weplan to interconnect at 40 Gbps tocreate a single distributed data centeravailable to the whole community.

What does a projectlike this mean forItaly? It means first of all that we bridge thedigital divide between different regionsof the country. The regions of SouthernItaly will be well positioned forparticipation in national and Europeanresearch programs and in view ofHorizon2020, bringing an advantageto the entire nation. The availability ofa collaborative environment made upof symmetrical links and a simple andsecure access to ICT resources tohandle large amounts of data, willsupport the active participation withinthe European Research Area; webelieve this can give a strong impetusto attract talent, knowledge and skillsalso in the South.

In accordance with the objectives ofthe Italian and European digitalagendas, GARR-X Progress aims tobecome the enabler of existingcollaborations and news ones; at thesame time, it will allow users toexperiment in a real environmentinnovative models of digitalinfrastructures that can be extended tothe whole country.

A collaborativeenvironment thatwill include schoolstudents, thanks tothe connection tothe GARR-XProgress network...Yes, because one new aspect of theproject is the high-bandwidth accessfor the schools. GARR-X Progress isexpected to connect 130 schools in thefour Regions of Convergence by the

end of June, even in areas far from thelargest towns, where the digital divideis stronger. These schools will join theother 130 already connected to GARR-X. The connected institutes areexperiencing completely new learningprocesses, from distance learning tothe creation of innovative trainingspaces, to the opportunity toparticipate in online universityorientation courses. Our goal is tofoster an innovative and experimentalteaching environment by strengtheningthe link between schools, universitiesand research and by creating anintegrated learning system ofexcellence at national level. Thefeedback we are receiving today fromthe schools is certainly very positiveand I would like to let them speakdirectly!

45

COMMUNITY NEWS

The schools speak:

Salvatore Giuliano – Headmaster of theMajorana Institute ofHigher Education, BrindisiWhen we learned about the GARRnetwork we quickly understood itspotential. Thanks to the GARR-XProgress project, we are nowconnected with optical fiber andthe advantage is evident. We arealready a 2.0 school, but in additionnow everyone can enter largeamounts of data over the networkin a short period of time. We haveover 1,000 student devices and500 computers: even the simplesimultaneous viewing of a videofor educational purposes wouldhave been a problem without thehigh bandwidth network.

Antonio Guida –Headmaster of the MarcoPolo Institute of HigherEducation, BariWe have been using electronicrecords, interactive whiteboardsand tablets for three years, butonly now we can make the most ofthem. As soon as we wereconnected to GARR we noticed anincrease in capacity from 4 to 98Mbps! The world has definitelychanged. Without the broadbandconnection we could not start theLiving School project to rethinkthe design of our learning spacesand conduct lessons even outsidethe classrooms.

Gabriella Chisari –Headmaster of the Galilei“Liceo Scientifico”, CataniaWe welcomed with enthusiasm theGARR proposal because we believein educational innovation and inthe opportunity to connectstudents with universities andprivate companies. We are doingour best to provide better learningopportunities for our students!

Picture?????????

46 CONNECT ISSUE 19 2015

COMMUNITY NEWS

LOOK TO IT FOR NEW OPPORTUNITIES IN TNE

Technology is such a crucialpart in delivering successfultransnational education(TNE) programmes, so you

would expect institutions’ ITdepartments to play a big role in theplanning and provision.A survey we released at the start of theyear with the Observatory onBorderless Higher Education (OBHE)about TNE in UK higher education(HE) showed this not to be the case.

Despite connectivity being integral touniversities offering teaching tostudents in other countries, almost half(45%) of IT workers were in the darkabout their own institution’s TNEprogrammes. The number of IT staffincluded in the decision making dropseven further, falling to 27% who wereinvolved in TNE developmentplanning, and only 1% in the initialdecision making.

This lack of awareness runsthrough to service management, withjust over half (52%) answering ‘don’tknow’ when asked about whether theirinstitution had run into data-relatedproblems through their TNE activities,while 57% were unaware if theirinstitutional risk assessments includedIT infrastructure.

Not only is this approach rathershort-sighted in not considering futuretechnology and network needs, it alsoopens up risks relating to cyber securityand data protection.

For many organisations the fast-evolving Transnational Education(TNE) market has meant they haven’t

always had the time to fully considerthe ‘how’, but connectivity is clearly ahugely important issue in providing ahigh quality, borderless education. Ifwe want to ensure that the UK retainsits position as a leader, universities andcolleges’ international departmentsneed to be made aware of the vital roleIT staff can play in the planning anddelivery of TNE, and encouraged toengage with their colleagues.

It’s hugely important thatinstitutions understand and are giventhe support they need to deliver world-class TNE. We believe that this beginswith communication. One of theoutputs of the report is that we haveembarked on a far-reachingengagement campaign with IT andinternational staff in both UK higherand further education. Our aim is to fillthis knowledge gap, increase IT staffinvolvement in TNE development anddelivery, and better share best practice.

To stay up-to-date, and view thereport, visit www.jisc.ac.uk.

Words andPictureEstherWilkinson,businessdevelopment leadfor transnationaleducation, Jisc

47

COMMUNITY NEWS

SHIBBOLETH UPDATEPROVIDES IMPROVED ACCESS AND IDENTITYMANAGEMENTThe research and education

community is set to benefitfrom an upgrade to a freeopen source software system

that will deliver better access andidentity management services.

Version 3 of the Shibboleth identityprovider offers significant functionaland security enhancements to singleweb sign-on, including user consentand on-demand metadata lookup. Italso supports the CentralAuthentication Service (CAS), theinternationally-recognised protocolused by many universities and researchorganisations.

The software has been released bythe Shibboleth Consortium - a

collaboration of international researchand education organisations. The twoprincipal members are Internet2 in theUS and Jisc in the UK. Jisc also acts asconsortium operator, managing theday-to-day running of the group.

“This new release comes with manynew features requested by the broadinternational community that usesShibboleth to make informed accessdecisions and protect their onlineresources,” said Shelton Waggener,senior vice president at Internet2 andchair of the consortium board.

Josh Howlett, head of trust andidentity at Jisc, said: “Seamless andsecure access to systems and services isparamount to the continued health of

the education and research sector,which makes Shibboleth a vital tool indelivering effective access and identitymanagement services.

“The latest release has beendeveloped for the community, by thecommunity, listening to their feedbackto ensure the software truly meets theirneeds, both now and in the future. Wewill continue to work with theconsortium to ensure this remains tobe the case.”

WordsJosh Howlett,head of trust andidentity at Jisc

UK RESEARCHERS SET TO BENEFIT FROM EASIER ACCESS TO DIGITAL SERVICES A new service enabling

researchers to access theirdigital resources andapplications through a

single, federated sign-on has beenlaunched, thanks to Jisc, the charitythat provides digital solutions foreducation and research.

A world-first, Assent, provided byJisc, enables simplified, seamless andsecure access to the broad range of weband non-web services that researcherscommonly need – from cloud, emailand file storage services, through todesktop login, high performancecomputing (HPC) facilities and securedata communications.

Assent uses the same openstandards and open source softwarethat underpin the two leadingfederated access services in globaleducation and research: eduroam, theworld-wide single sign-on roamingservice, and the UK AccessManagement Federation, whichprovides web-only single sign on. Itworks by combining these technologiesto provide a powerful and flexibleaccess management solutionappropriate to the needs of research.

There are significant benefits inadopting Jisc Assent for bothinstitutions and their researchers.

Institutions benefit by reducing thenumber of credentials issued to eachuser, greatly reducing theadministrative burden and cost. Useridentities are managed by their homeinstitutions, reducing the need to issuecredentials from partner organisations.

For researchers, using Assentmeans they are able to seamlesslyaccess the digital resources andapplications they need to do their jobs,wherever it has been made available bya participating organisation.

For more information visitwww.shibboleth.net

If you are interested in adoptingJisc Assent, please contactassent@jisc.ac.uk.

48 CONNECT ISSUE 19 2015

COMMUNITY NEWS

NETWORK PERFORMING ARTS PRODUCTIONWORKSHOPGÉANT is a partner in the series of Network Performing ArtsProduction (NPAP) workshops, of which the last one was held between4-6 May 2015 in London, UK. The use of the latest networkingtechnology in combination with performing arts was demonstratedand explained, and an evening performance by students at the RoyalCollege of Music was included for workshop participants.

49

COMMUNITY NEWS

PicturesLeft: Live multi-site danceperformance with musicians in Edinburgh,dancers inFlorida &London, featuredby students fromLiverpool JohnMooresUniversity usingVisimeet.

Top: Ann Doyle,Internet2, chairspanel discussionafter the eveningmultimediasymphony byMike Ladouceurand his creativeteam at RoyalCollege of Music.

Bottom: Stringquartet playinglive musicbetween Triesteand Londonusing the LOLAsystem.

More informationThis event was the eighth in the series of workshops thathas been held in Europe and the United States annuallysince 2009, and the fifth European event. The workshopwas hosted by the Royal College of Music, with localtechnical support provided by Jisc, which providesJanet, the UK national research and education network,and coordinated by Internet2 and the GÉANTAssociation Amsterdam office, with additional technicalexpertise provided by the Programme Committeemembers.

For an overview of the whole workshop series andonline learning materials, visit the NetworkingPerforming Arts Production Workshops page:https://www.terena.org/activities/network-arts/.

It has been the most attended NetworkPerforming Arts Production Workshopincluding the ten previouseditions in the US and the fourprevious events in Europe. On average,over fifty people joined. After Trieste,Paris, Barcelona and Vienna, theworkshop was hosted by the RoyalCollege of Music and JISC/Janet inLondon, UK. Aside from the highnumber of participants, also a recordnumber of technologies, performances,use cases, artists and networkers wereachieved in the three day event.

The workshop programmeincluded sessions where the latestnetworking technology was shown andexplained in combination with liveperformances, one of which was amulti-site dance performance given bylocal dancers from Liverpool, remotedancers from Miami, Florida, US andmusicians from Edinburgh, all usingthe Visimeet video conferencingtechnology. In addition to livedemonstrations, the workshopparticipants joined in hands-on

sessions with the largest collection ofspecialist arts and music streamingtechnologies ever assembled, such as4K Gateway technology of CESNET,which was used to create a 10Gconnection between London andPrague.

On top of all this, round-tablediscussions with experts of variousfields took place.The workshop built upon the basicknowledge and skills of people who hadalready participated in one or more ofthe previous workshops in the series,but also people who had acquiredknowledge by using the free onlinelearning materials could partipate.

MultimediaeveningsymphonyOn 5 May, Royal College of Musicstudents, dancers from London andBarcelona as well as musicians fromCopenhagen and Helsinki werebrought together in a sold-outmultimedia symphony titled ‘TheInfinite Bridge’, using some of thetechnologies presented during theworkshop. This innovative and cross-

disciplinary event used music, theatre,dance, computer-generated graphicsand three live connections to tell thestory of a girl trapped in a mundaneexistence, who in her dreams escapesinto an alternate cyber-world.

The 400 attendees witnessed thefirst time in history that Polycom andLOLA technologies were being used ina multimedia symphony.

50 CONNECT ISSUE 19 2015

COMMUNITY NEWS

NEW SPECIAL INTEREST GROUPSESTABLISHED

During its 12th meeting, on 8-9 April 2015, the TaskForce on Network OperatingCentres (TF-NOC) discussed

and agreed its new objectives as aSpecial Interest Group (SIG). The taskforce's terms of reference had expiredtowards the end of March and its newcharter in its new SIG format wasapproved by participants. Formalapproval by GÉANT was pending at thetime of writing. Unlike traditional 'taskforces', which have a fixed-termmandate, a SIG is a long-term workingpartnership around a topic of commoninterest.

The first SIG-NOC meeting washeld ad interim, in Stuttgart, Germany,hosted by BelWü, the German statenetwork of Baden-Württemberg. About26 people attended and some joinedvia video conferencing. The newdirection and name change from TF-NOC to SIG-NOC was reflected uponduring this meeting, and participantsagreed about the main direction andobjectives that the SIG should have forits first annual reporting period:

● Discuss, design and develop recommendations for a NOC Personnel’s Training (basic) and potential Certification Programme in order to bring/keep NOC staff up to the “standard” level.

● Onvite NOC tool developers and organise half-day technical tutorial sessions on various products/topics.

● Extend the reach of the communityto regional, metropolitan and campus NOCs.

The new SIG format was appreciatedby the attendees and the followingvoluntary Steering Committeemembers were accepted: Brian Nisbet(HEAnet), Jonny Lundin(NORDUnet), Pieter Hanssens(Belnet), and Maria Isabel GandíaCarriedo (CSUC).

You can find the topics andspeakers of this first SIG-NOC meetingon the workshop page:https://www.terena.org/activitie/tf-noc/meeting12/.

PicturesLeft: GyorgyBalazs, CERNpresenting infront of the TF-NOCaudience inStuttgart,Germany.

Right: Attendeessetting up for last TERENA TF-NOC meetingthat was the first GÉANT SIG-NOCmeeting, after re-chartering.

MORE INFORMATIONFor more information about this new group, please visit the SIG-ISM web pages:https://www.terena.org/activities/ism//

New SIG-ISMgroup meet forthe first timeIn March, GÉANT established anotherSIG: SIG-ISM, the Special InterestGroup on Information SecurityManagement. The main aim of thisgroup is to create a community ofsecurity management professionalsfrom among national research andeducation networking (NREN)organisations, who can develop,maintain and promote trustframeworks between NRENs, based oninternational standards.

T he group held its first workshopon 12-13 May, at Imperial College inLondon. The workshop was mainlyaimed at Chief Information SecurityOfficers, but also other peopleinterested in ISM issues were welcomed.

51

COMMUNITY NEWS

OPEN EDUCATION RESOURCE HUB AND PORTAL REACHES IMPORTANT MILESTONE

PictureThe OER pilotprojectparticipantsdiscussing servicearchitecturedetails inAmsterdam.

MORE INFORMATION• The OER pilot project deliverables and all other technical documents are

on the OER web pages: https://www.terena.org/activities/oer/.• The OER web portal front-end (BETA) is available for testing and

demonstration purposes only: http://terenatv.media.uvigo.es/.• Position paper ’GÉANT Association NRENs and Open Education’:

https://www.terena.org/activities/oer/GEANT_Association_NRENs_And_Open_Education-final.pdf

GÉANT’s Open EducationResource (OER) servicedevelopment pilot hasreached an important

milestone. The pilot resulted in aworking prototype metadata-aggregation hub and web portal thatcan provide aggregated multimedia e-learning content to the highereducation and academic researchcommunities. Now the preliminaryresults and deliverables are beingpicked up in the GÉANT Project (GN4-1), as part of the service activity on'Real-time Applications andMultimedia Management', whichstarted on 1 May 2015. One of the aimsof this activity is to further develop theOER prototype and bring it to the nextlevel as a service.

In November 2014, the OER pilotproject participants published aposition paper ’GÉANT AssociationNRENs and Open Education’ thatsummarises the motives for the OERservice development and its futuredirections. In the paper, GÉANT alsooffered its knowledge and expertise toprogress the objectives of the EC’s open

education policy. The pan-Europeanlevel GÉANT OER hub should bridgethe gap between smaller institutionaland national repositories and the large,global collectors, and contribute toflagship initiatives such as the EC’sOpen Education Europa portal.

OER architectureThe OER service architecture has twomajor components. The metadataharvester and aggregation engine usesstandard protocols such as RSS (RichSite Summary) and OAI-PMH (OpenArchives Initiative Protocol for

Metadata Harvesting) to collectinformation about multimediarecordings and learning objects thatare stored in connected national andinstitutional content repositories. Theaggregated, translated and filtered,good-quality metadata are madeavailable on a web portal front-end fortesting and demonstration purposes.

By being able to harvest iTunes URSS feeds, and soon also variousYouTube channels, the GÉANT OERportal creates a one-stop-shop brokeringhub, potentially both for end users andfor repository owners who wish to re-use the aggregated metadata set.

52 CONNECT ISSUE 19 2015

GLOBAL NEWS

NNEETTWWOORRKKIINNGG OOFF GGAALLAACCTTIICCPPRROOPPOORRTTIIOONNSS TTOO UUNNCCOOVVEERR TTHHEEMMYYSSTTEERRIIEESS OOFFTTHHEE UUNNIIVVEERRSSEE

PPIIEERRRREE AAUUGGEERROOBBSSEERRVVAATTOORRYY,,AARRGGEENNTTIINNAAThe Pierre Auger Collaborationincludes more than 490 scientists fromall over the world. The Observatory’s27 telescopes look for ultraviolet lightresulting from cosmic rays. Data istransferred from the AugerObservatory to a collaboratingcomputing centre in Lyon and mirroredat the FNAL laboratory in Chicago.About 5GB to 15GB of data isgenerated daily, as well as simulationsproduced via the EGEE/LCG computergrid, and transferred using HPSS.Each simulation series can includebetween 5TB to 20TB per simulationcampaign. Thanks to an abundance of data collected, researchers arecloser to understanding thecomposition of cosmic rays and where they come from.

TTHHEE AATTAACCAAMMAALLAARRGGEEMMIILLLLIIMMEETTRREE//SSUUBBMMIILLLLIIMMEETTRREE AARRRRAAYY((AALLMMAA)),, CCHHIILLEE ALMA is an international partnership ofthe European Organisation forAstronomical Research in the SouthernHemisphere (ESO), the U.S. NationalScience Foundation (NSF) and theNational Institutes of Natural Sciences(NINS) of Japan in cooperation withthe Chile and the largest astronomicalproject in existence. ALMA is a singletelescope of revolutionary design,composed initially of 66 high precisionantennas located on the Chajnantorplateau, at 5,000 meters altitude.

The skies of Latin America havecaptivated stargazers forcenturies. The ancient Mayawere keen astronomers,

known for detailed recording andinterpretation of every aspect of theskies. They believed that the will andactions of the gods could be read inthe stars. Benjamin Apthorp Gould setboundaries for southern hemisphereconstellations that were permanentlyfixed by the International AstronomicalUnion based on his work in LatinAmerica in the late 19th century.

It is no wonder that the region isconsidered the astronomy capital ofthe world, with exceptionally clear anddry skies for more than 300 days ayear. Today Latin America’s is home tothe world’s most important regionaland national observatories, providingforefront access to the heavens and beyond.

TTHHEE IICCTT AANNDDNNEETTWWOORRKKIINNGGBBEEHHIINNDD AASSTTRROONNOOMMYYRREESSEEAARRCCHH Astronomy research is driven bycollaboration and high bandwidthnetwork technologies. Distributedresearch groups, viewing the skiesfrom different sites and vantage pointsacross the globe, need to transfer andprocess enormous data sets andvisualisations. This requires networkconnectivity with the reach, capacityand reliability that only Research &Education (R&E) networks canprovide.

In addition, Latin Americanobservatories and research sites areoften in remote locations, far from well-developed infrastructure hubs.Deploying the necessary connectivityinfrastructure for this research bringsadvanced connectivity to remoteareas.

This small selection of astronomyresearch projects illustrates howNRENs throughout Latin America,connected via GÉANT, enable ground-breaking research and help bridge thedigital divide.

LLAARRGGEE SSYYNNOOPPTTIICCSSUURRVVEEYY TTEELLEESSCCOOPPEE((LLSSSSTT)),, CCHHIILLEEThe AURA Observatory and REUNAare implementing connectivity for theLarge Synoptic Survey Telescope(LSST), which will be the mostadvanced connectivity infrastructure inChile. The photonic "superhighway" willdeliver capacity of 100 Gbps from thesummit of Cerro Pachon tointernational data centres. "High-speedconnectivity is crucial to achieve thesuccessful operation of the LSST andfulfil its commitment to delivernotifications in real time,” says Dr.Christopher Smith, AURA Director.“We asked for the help of REUNA forits expertise in developing the networkof research and advanced educationin Chile, seeking a connectivitysolution in the country and in particularfrom La Serena to Santiago." It isplanned that scientists, students andthe general public will have access tothe digital universe created by theLSST, expected to be completed by 2019.

53

GLOBAL NEWS

ALMA’s remote location presentsunique challenges. The installed 150kilometres of fibre optic cable links theALMA Operations Site (AOS) toCalama in northern Chile and theREUNA network. This networkprovides 25 times faster access thanbefore. "This infrastructure not onlyallows transmitting the enormousamount of data generated by ALMA. It also improves the level ofcommunication between the peopleoperating the observatory at a remotesite in the middle of the AtacamaDesert and those who process thatdata in the central offices in Santiago,"says Giorgio Filippi, Project Leader,European Southern Observatory(ESO).

FFOOCCUUSS OONN TTHHEEFFUUTTUURREELatin America continues to be theprime location for many of the world’smost ambitious astronomy researchprojects. The E-ELT Extremely LargeTelescopes (“the World’s Biggest Eyeon the Sky”) is one of the highestpriorities in ground-based astronomy.Located in Chile, the E-ELT, will be thelargest optical/near-infrared telescopein the world and will gather 13 timesmore light than the largest opticaltelescopes existing today. The J-PAS(Javalambre Physics of theAccelerating Universe AstrophysicalSurvey) in Chile and Spain will map theobservable universe in 59 colours. TheJ-PAS newly inaugurated data centreconsists of a core network of 4 virtualchassis with 40GbE uplinks. Theprocessing system consists of 17nodes each with 24 cores, 192GBRAM and 4 TB internal storage.

These and others to come requireenormous computing capacity andnetworking resources, supported andfacilitated by the region’s NRENs.

““TThhee aalllliiaannccee wwiitthh AAUURRAA ffoorr tthhee ccoonnnneeccttiivviittyyooff tthhee LLSSSSTT iiss aa ggrreeaatt ssaattiissffaaccttiioonn ffoorr tthheeCChhiilleeaann aaccaaddeemmiicc nneettwwoorrkk.. IItt rreefflleeccttss tthheeccoonnffiiddeennccee iinn tthhee wwoorrkk ddoonnee bbyy tthheeCCoorrppoorraattiioonn aanndd iiss aann iinniittiiaattiivvee aalliiggnneedd wwiitthhtthhee ssttrraatteeggiicc oobbjjeeccttiivveess ooff RREEUUNNAA –– ttooccoonnssoolliiddaattee aa ddiiggiittaall ppllaattffoorrmm ooff eexxcceelllleenncceeaanndd tthhaatt iiss ooppeenneedd ttoo tthhee eennttiirree ccoommmmuunniittyyooff sscciieennccee aanndd eedduuccaattiioonn..””

Dr José Palacios, President of REUNA Board of Directors

54 CONNECT ISSUE 19 2015

GLOBAL NEWS

HHOORRIIZZOONN 22002200 FFUUNNDDIINNGGTTOO AASSSSIISSTT GGRREEAATTEERR IINNTTEERRNNAATTIIOONNAALL CCOOOOPPEERRAATTIIOONNMMAAGGIICCFollowing the success of the ELCIRA project,RedCLARA is leading a global collaboration projectcalled MAGIC (Middleware for collaborativeApplications and Global vIrtual Communities) whichaims over the next two years to significantly improvethe ability of researchers and academics around theworld to collaborate together. With partners from LatinAmerica, the Caribbean, West and Central Africa,Eastern and Southern Africa, North Africa and theMiddle East, Central Asia and Asia-Pacific, emphasiswill be given to expanding the global reach ofeduroam and identity infrastructures for the academicworld. MAGIC will also seek to establish middlewarewhich will enable NRENs around the world to shareservices and real-time applications for internationaland inter-continental research groups via a commonmarketplace. At the heart of MAGIC are GlobalScience Communities which the MAGIC partners willengage in, not only to support them in the use of thecollaboration applications implemented by MAGIC, butalso to raise their awareness of funding opportunitiesand encourage their engagement with their peersaround the world. MAGIC promises to share thesuccessful experiences of ELCIRA globally, and bydoing so, is perhaps the most global singlecollaboration project involving R&E networks aroundthe world. Find out more on the MAGIC website:www.magic-project.eu. SSCCII--GGAAIIAA

Sci-GaIA (Energising Scientific Endeavour throughScience Gateways and e-Infrastructures in Africa) aimsto support National Research and Education Networks,Communities of Practice and Universities in Africa todevelop Science Gateways and other e-Infrastructuresservices. Sci-GaIA will work with new and emergingCommunities of Practice to develop these excitingtechnologies, strengthen e-Infrastructure serviceprovision, especially in terms of open access linkeddata, and deliver training and disseminationworkshops. This will establish a sustainable foundationon which African e-Infrastructures can be developedand linked to science networks across Africa.Significantly, the results of the project will be usable byCommunities of Practice in Europe and the rest of theworld. The project will run for 24 months and iscoordinated by Brunel University (UK). The partnershipis composed of: DIT (Tanzania), University of Catania(Italy), Karolinska Intitutet (Sweden), KTH (Sweden),Sigma Orionis (France), UbuntuNet Alliance (Malawi),WACREN (Ghana) and CSIR (South Africa). The Sci-GaIA website will be available soon at www.sci-gaia.eu with more information.

TTAANNDDEEMMTANDEM (TransAfrican Network Development) willcreate favourable conditions for WACREN (West andCentral African Research and Education Network),enabling it to draw maximum benefit from theforthcoming AfricaConnect2 project and ensuringWACREN’s integration into the global Research andEducation networking community and its long-termsustainability. TANDEM’s long-term goal is to make itpossible for researchers and academics to contributewith their peers around the world to the socio-economic development of the West and CentralAfrican Region. The project will run for 24 months andis coordinated by the Institute de Recherche pour leDéveloppement (France). Other partners are WACREN(Ghana), GÉANT (UK), RENATER (France), CIRAD(France), Sigma Orionis (France), Brunel University(UK), UbuntuNet Alliance (Malawi) and RedCLARA(Uruguay). More information will be available soon onthe project website: www.tandem-wacren.eu.

55

GLOBAL NEWS

AAFFRRIICCAACCOONNNNEECCTT22TTOO EEXXPPAANNDD CCOONNNNEECCTTIIVVIITTYYAACCRROOSSSS AAFFRRIICCAA

cables, the secret to a successfulnetwork and project is people. TheUbuntuNet Alliance has created aclose-knit community, with a pool ofwell-trained engineers who efficientlymanage their networks and supporttheir users across the region.

AfricaConnect2 sets out to extendthis success story to the wholecontinent, thus accelerating thedevelopment of the Information Societyin Africa. Whilst the connectivity boostwill improve the lives of millions ofAfricans through accelerated researchand education, it will equally benefitcollaborative scientific research theworld over, in areas such as climatechange, biodiversity, crop research,malaria and other infectious diseases.

AfricaConnect2 is expected tocommence in June 2015 and will havea duration of 3.5 years.

Following the successfulcompletion of AfricaConnect,the finishing touches arecurrently being added to the

Grant Agreement for its successorproject. Conceived as a pan-Africanumbrella connectivity project,AfricaConnect2 will adopt a modularapproach adjusted to thegeographical, cultural andorganisational context of the Africanregions and their different stages ofNREN development, as well as theirsources of funding. Consequently,AfricaConnect2 will comprise 3geographical clusters and involve theirrespective regional networkingorganisations:

• Cluster 1: Southern and Eastern Africa (contracted between the EC and the UbuntuNet Alliance)

• Cluster 2: Western and Central Africa (coordinated by GÉANT in conjunction with WACREN)

• Cluster 3: North Africa (coordinated by GÉANT in conjunction with ASREN).

The project budget for AfricaConnect2will amount to €26.6m of which €20mwill be co-funded by the EuropeanCommission's Directorate-GeneralInternational Cooperation andDevelopment (DG DEVCO).

BBUUIILLDDIINNGG OONN TTHHEEAACCHHIIEEVVEEMMEENNTTSS OOFFAAFFRRIICCAACCOONNNNEECCTT

The UbuntuNet network – the first of itskind in Africa – is the regional researchand education Internet network inEastern and Southern Africa. Throughthe procurement and deployment ofhigh speed Internet connectionsacross the region, between 2011 and2014 AfricaConnect has significantlycontributed to the UbuntuNet network.Thanks to its interconnection withGÉANT, it helped create a regionalgateway for global researchcollaboration.

Implementing the UbuntuNetnetwork meant establishing points ofpresence in major cities in the regionand interconnecting them withbroadband cross-border links.Historically, all intra-regional traffic hadto travel via routers in London andAmsterdam - incurring delays andadditional costs. Scientists,researchers and students in Sub-Saharan Africa are now connecteddirectly, able to share data quickly andcollaborate more efficiently. ButAfricaConnect and the backbone itimplemented mean much more thanjust improved connectivity andreduced bandwidth costs – lookingbeyond the routers, switches and fibre

56 CONNECT ISSUE 19 2015

GLOBAL NEWS

TTEEIINN AANNDD MMEEDDIICCAALLCCOOMMMMUUNNIITTYY SSTTEEPP UUPP CCOOLLLLAABBOORRAATTIIOONNAAGGAAIINNSSTT DDEENNGGUUEE

opportunities to join colleagues andnetwork professionals in a series ofvideoconferences to share relevantexpertise.

In addition to the discussion ofdengue fever management specificallyfor Japan, the presentations covered awide range of topics, from globalfatality trends, dengue caseclassification to case managementand climate impact studies.

Joining the discussion remotely viavideoconference, Annelies Wilder-Smith, Professor of Infectious Diseasesand Global Health at the Lee KongChian School of Medicine in Singaporeand Scientific Coordinator of the EU-

Following the successful firstjoint APAN-TEIN dengue feverworkshop held at the 37th AsiaPacific Advanced Networking

(APAN) meeting in January 2014 inBandung, Indonesia, a seconddedicated event took place at therecent 38th APAN meeting in Fukuoka,Japan.

Part of the programme for theestablished APAN Medical WorkingGroup, the workshop was held on 1stMarch 2015, attracting over 20attendees, including clinicians andresearchers from within the multi-disciplinary dengue fever community,public health officials as well as

National Research and EducationNetwork (NREN) representatives fromacross the Asia-Pacific region, Europeand Africa.

The workshop provided a forum totake stock of developments since theBandung meeting, to shareexperiences and discuss bestpractices, mobilising a communitydedicated to helping combat thespread of this devastating disease.The recent dengue fever outbreak inJapan— after 70 years since the lastoutbreak—made the workshop and itslocation particularly relevant for localclinicians and public heath personnel.In the run-up to the workshop they had

57

GLOBAL NEWS

funded DengueTools project, focusedher presentation on the impact ofclimate change and global travel asmain drivers for the spread of denguefrom endemic to previously uninfectedregions.

Dr Olaf Horstick, Director ofTeaching Unit at the Institute of PublicHealth, University Hospital Heidelberg,Germany provided an overview of theWHO dengue case classification andevidence of its application whilst DrRaul Destura, Director of the Instituteof Molecular Biology andBiotechnology at the UP NationalInstitute of Health, Philippines,presented on the molecularcharacterisation of the dengue virus inthe Philippines and the impact of theintroduction of different genotypes.

Prof. Leo Yee Sin from the TanTock Seng Hospital in Singaporeoutlined dengue management inSingapore and Dr Saleem Rana fromContech International School of PublicHealth in Lahore, Pakistan highlightedthe importance of demographicfactors, such as age-sex specificmortality analysis, for informed andeffective health policy decisions.

When it comes to stoppingdengue, social media posts andtweeting may be just what the doctorordered. This was a key message inthe presentation by Prof. May O. Lwinwho explained how the social-mediabased Mo-Buzz system, developed byresearchers at Nanyang TechnologicalUniversity, can boost the authorities’efforts to keep a constant eye on thespread of dengue in Sri Lanka.

One of the highlights of theworkshop was the remote participationof Dr Misaki Wayengera, Uganda’sprincipal investigator of the Ebolarapid diagnostic kit, who presented onthe situation and prevention of Ebola inhis country. Although Ebola has so farnot hit Asia, participants recognisedthat, similarly to dengue, globalmobility might facilitate its spread toother regions.

Participants enthusiasticallyagreed to build on the positiveexperience of the workshop andNREN-supported videoconferencingby following up with virtual meetingsaround specific topics and areas ofresearch interest.

Other suggestions that generatedsubstantial interest included enablingthree or more sites to join regularclinician case reviews using thevideoconferencing system supportedby R&E networks, organising onlinetraining courses for public heathpersonnel focusing on dengue, andcreating FAQs for dissemination viaonline community portals to helpaddress concerns around dengue andat the same time dispel myths.

The driving force behind theworkshop and the idea of the NRENand medical communities joiningforces, Prof. Francis Lee, President ofSingAREN and Chair of Governors ofTEIN*CC, commented: “Buildingcommunities is not a one-time effort.Within 6 months after the Bandungmeeting a second workshop was heldin the Caribbean where organiserssought to develop new approaches toleverage R&E networks in the region tocombat dengue and Chikungunya.The workshop idea was subsequentlyalso embraced by colleagues inAfrica, adapting it to the challenge ofsharing expertise to treat and stop thespread of Ebola. This just shows thescalable nature of our efforts to buildcommunities – and buildingcommunities is the best way to affectreal change!”

The presentations can bedownloaded from https://www-lk.apan.net/meetings/Fukuoka2015/Sessions/session.php?id=37

If you wish to find out more aboutthis Dengue Fever initiative orwant to join the next virtualworkshop, please contact Prof. Francis Lee atebslee@ntu.edu.sg

58 CONNECT ISSUE 19 2015

GLOBAL NEWS

TTEEIINN CCOOMMMMUUNNIITTYYWWEELLCCOOMMEESS NNEEWWZZEEAALLAANNDD

QQAATTAARR NNRREENN IINNTTEERRCCOONNNNEECCTTSSWWIITTHH GGÉÉAANNTT

New Zealand is the latestcountry to connect to theTEIN network in the Asia-Pacific region, bringing the

number of partners benefiting from thehigh-speed regional backbone up to20. Last month REANNZ (Researchand Education Advanced NetworkNew Zealand) made live a brand newconnection between New Zealand andSingapore, opening up newopportunities for collaboration betweenlocal researchers and their Asian andEuropean counterparts.

The new 100Mbps connectionruns from Auckland over the AARNetroute (Sydney → Perth) to Singapore,where it joins the TEIN network,creating a much more direct routefrom New Zealand to Asia and byextension to the GÉANT R&Ecommunity. Previously, traffic to Asiahad to pass through the United Statesbefore bouncing back across thePacific to Singapore.

PictureSteve Cotter,REANNZ CEO

““TThhee TTEEIINN ccoonnnneeccttiioonn wwiillllmmaakkee iinntteerraaccttiivveeccoollllaabboorraattiioonn qquuiicckkeerr aannddmmoorree eeffffiicciieenntt ffrroomm NNeewwZZeeaallaanndd ttoo AAssiiaa,, ccrreeaattiinnggnneeww ooppppoorrttuunniittiieess ffoorrrreesseeaarrcchheerrss,, eedduuccaattoorrss aannddiinnnnoovvaattoorrss oonn tthhee RREEAANNNNZZnneettwwoorrkk,,"" said REANNZCEO Steve Cotter. ""TThheeccoonnnneeccttiioonn ffuurrtthheerrccoonnffiirrmmss oouurr ccoommmmiittmmeennttttoo ccoonnnneeccttiinngg oouurrrreesseeaarrcchheerrss wwiitthh tthhee wwiiddeerrrreesseeaarrcchh aanndd eedduuccaattiioonnccoommmmuunniittyy..””

““WWee wweellccoommee NNeeww ZZeeaallaannddaass oouurr ppaarrttnneerr aanndd llooookkffoorrwwaarrdd ttoo wwoorrkkiinngg wwiitthhRREEAANNNNZZ ttoo ddeevveelloopprreesseeaarrcchh nneettwwoorrkkiinngg iinn tthheerreeggiioonn,,”” said TEIN*CCExecutive Officer ByungKyuKim. ““WWee eexxppeecctt RREEAANNNNZZ’’ssccoonnnneeccttiioonn ttoo tthhee TTEEIINNnneettwwoorrkk ttoo aacctt aass aa bbrriiddggeebbeettwweeeenn AAssiiaa aanndd tthheePPaacciiffiicc,, ooppeenniinngg uuppeexxcciittiinngg ccoollllaabboorraattiioonnooppppoorrttuunniittiieess ffoorr tthhee eennttiirreeTTEEIINN ccoommmmuunniittyy..””

The formal go-ahead for theconnection was given at the APAN39meeting in Fukuoka, Japan in March,where the TEIN*CC Governorsunanimously approved REANNZ’sapplication to join the TEIN community.

International Layer2 connection of 10Gbps to the Netherlight Exchange inAmsterdam for European andworldwide R&E access. Theinterconnection agreement will havean initial term of one year which couldthen be extended by mutualagreement.

GÉANT has recently signedan agreement with QatarResearch and EducationNetwork (QNREN) to

interconnect with the GÉANT networkin Amsterdam. The peering, initially at1 Gbps, will extend GÉANTinternational connectivity and allowresearchers in Qatar to collaboratewith peers in Europe and in other

world regions in fields such asgenomics and environmental studiesand to potentially participate in Horizon2020 programmes.

QNREN has been established withgovernment endorsement by QatarUniversity, which is Qatar’s mainpublic university. QNREN is in theprocess of rolling out a nationalnetwork and has deployed an

59

GLOBAL NEWS

PictureMariaMinaricova,EaPConnectProject Manager,GÉANT

CCOONNNNEECCTTIINNGG TTHHEE RR&&EE CCOOMMMMUUNNIITTIIEESS IINN TTHHEE EEUURROOPPEEAANN UUNNIIOONN’’SS EEAASSTTEERRNN NNEEIIGGHHBBOOUURRHHOOOODD

June is expected to see the kick-off of the Eastern PartnershipConnect (EaPConnect) projectwhich sets out to create a

regional R&E network in EasternEurope and the Southern Caucasus.This will interconnect the NRENs in sixEastern Partnership (EaP) countriesand integrate them into the pan-European GÉANT network. Thepartner countries are Armenia,Azerbaijan, Belarus, Georgia, Moldovaand Ukraine.

Launched as the Easterndimension of the EuropeanNeighbourhood Policy in 2009, withthe Eastern Partnership the EU offersits partners concrete, far-reachingsupport for democratic reform,sustainable development and

overall stability. It recognises theimportance of e-Infrastructures in:

• promoting digital inclusion• enabling participation of EaP

countries in Horizon2020 projects• deploying eduroam and

stimulating integration towards GÉANT services

• stopping brain drain • procuring and federating access

to high-quality scientific content

The European Commission’sDirectorate-General forNeighbourhood and EnlargementsNegotiations (DG NEAR) iscontributing 95% (€13m) towards theproject costs. EaPConnect will bemanaged by networking organisationGÉANT in collaboration with theNRENs in the six partner countries.

60 CONNECT ISSUE 19 2015

ABOUT GÉANT

GÉANT is the leading collaboration on network and relatedinfrastructure and services for the benefit of research andeducation, contributing to Europe's economic growth and competitiveness.

GÉANT is owned by its core membership. This includes 36 National Members, which are Europeannational research and education network (NREN) organisations, and one Representative Member - NORDUnet - which participates on behalf of five Nordic NRENs. Associates are also welcome and include commercial organisations and multi-national research infrastructures and projects.

GGÉÉAANNTT AATT AA GGLLAANNCCEE

ABOUT GÉANT

61

INTERNATIONALCOLLABORATION GÉANT continues to cooperateclosely with research andeducation networks across theworld to ensure that the users’global connectivity and otherservice needs are being met. Thefocus of these global interactionscovers North America, LatinAmerica, the Caribbean, Sub-Saharan Africa, theMediterranean, Central Asia andAsia-Pacific, and increasedemphasis is being placed ondialogue with partners incountries where Europeanresearch and education interestsare high: USA (Internet2 andESnet); Canada (CANARIE),Brazil (RNP), Chile (REUNA),South Africa (TENET andSANReN), India (NKN), China(CERNET and CSTNET) andJapan (SINET and JGN-X).Furthermore, GÉANT has signedMemoranda of Understandingwith TEIN*CC (Trans-EurasiaInformation Network *Cooperation Center) and withAPAN (Asia-Pacific AdvancedNetwork), to promote cooperationand collaboration between theorganisations on various levels.

AT THE HEARTOF GLOBALRESEARCH ANDEDUCATION The GÉANT network remains thebest connected research andeducation network in the world,and is driven by extensivepartnerships which continue toflourish. GÉANT successfullymanages regional networkprojects in other parts of theworld: in the Mediterranean(EUMEDCONNECT); Sub-Saharan Africa(AfricaConnect); and CentralAsia (CAREN). In addition,GÉANT coordinates the Europe-China collaboration (ORIENTplus)and continues to secure directChina-Europe connectivity via along-term contract.

HIGHPERFORMANCENETWORKSERVICESGÉANT’s range of connectivityservices, underpinned by thenetwork, covers everything fromrobust, high-bandwidth IP,through Virtual Private Networks(L3VPN), point-to-pointconnectivity (Plus) to bespokesolutions for long term, highlydata-intensive requirements(Lambda). As user needschange, the service portfolio hasto scale and adapt, in order toensure that GÉANT remains atthe forefront of networkingtechnology and service delivery.GÉANT advanced services inmonitoring, trust and identity,security and certification, mobilityand access, and media and real-time communications, all serve toenhance the user experience.

PAN-EUROPEANNETWORK The GÉANT backbone offerscapacities of up to 2 Tbps and,together with Europe’s NRENs,connects over 50 million users at10,000 institutions acrossEurope, supporting research inareas, such as energy, theenvironment, space andmedicine.

Learn more atwww.geant.org

www.geant.org

www.twitter.com/GEANTnews

www.facebook.com/GEANTcommunity

www.youtube.com/GEANTtv

JOIN THE CONVERSATION

wwwwww..ggeeaanntt..oorrgg

This document has been produced with the financial assistance of the European Union. The contents of this document are the sole responsibility of GÉANT and can under no circumstances be regarded as reflecting the position of the European Union. CONNECT/0515