Trusted CI, EPOC and University of Arkansas create security resources for Science DMZs

In the 2nd half of 2021 Trusted CI partnered with EPOC at Indiana University to participate in an engagement with University of Arkansas as they worked on the NSF funded project "Data Analytics that are Robust and Trusted" or DART. DART, funded by NSF grant #OIA-1946391 to build an Arkansas wide Science DMZ capability for use by participating institutions of higher education across Arkansas. A Science DMZ is a network architecture for friction free science data transfers that allows very high throughput. Most Science DMZs are modeled around two end points that need to transfer data between each other. The goal of the DART project is to build a statewide network for Arkansas institutions to transfer data between any participating institution.  The DART project applied for an engagement with Trusted CI in order to seek guidance on securing their multi-tenant ScienceDMZ infrastructure, but also to improve the state of security documentation for ScienceDMZs in general.

One of the challenges with Science DMZs is that CISOs and executive leadership at institutions have been resistant to the idea due to the myth that a Science DMZ has no security controls by being placed outside the traditional firewall perimeter. To try to quell these concerns the team wrote a white paper on the security of Science DMZs that is devoted in the first half to introducing the concept of a Science DMZ and explaining the need as well as the high level overview of the alternative security controls used. The audience for this first section is CISOs at universities.  The 2nd half of the document goes into more specific details of implementation, summarizing and referencing many of the recommendations made by various resources in the community as well as providing a few additional recommendations made by Trusted CI. This document is now published at https://scholarworks.iu.edu/dspace/handle/2022/27007.

During the first half of the engagement, Trusted CI and EPOC worked to determine the scope of what could be called the Science DMZ, with a lot of discussion in engagement meetings about what should and should not be on a Science DMZ. There is a natural temptation to place more hosts in the Science DMZ than are necessary and this must be resisted, instead use the data transfer nodes (DTNs) as the focal points on the Science DMZ.

Beyond the end of the engagement, Trusted CI, in partnership with staff from the DART project, plans to leverage this whitepaper to develop additional presentation materials to help other institutions promote and implement Science DMZs. This effort will start in the first half of 2022.

Trusted CI Webinar July 20th at 11am ET: Whose line is it anyway? - Problem solving in complex networks with Doug Southworth

Indiana University's Doug Southworth is presenting the talk, Whose line is it anyway? - Problem solving in complex networks, on July 20th at 11am (Eastern). 

Please register here. Be sure to check spam/junk folder for registration confirmation email.

Today’s collaborative science often utilizes massive datasets shared across great distances. With better access to data we ask harder questions: interactive data sources change the very science we do. These factors have also given rise to new challenges, namely understanding the end-to-end performance of large data transfers. In a growing, complex, global network, no one person or entity controls all the pieces. End users don’t know what kind of performance to expect. Soft failures are notoriously difficult to find. Just as today’s science is collaborative, so must be our approach to troubleshooting and resolution of network performance issues. EPOC was created to be a focal point for these efforts, bringing together operational expertise and analysis to shed light on the multi-faceted problems that hamper research data movement.  Along with our partners in this space, such as Trusted CI, we are able to coordinate efforts between researchers, CI engineers, and network operators to bring resolution to complex data transfer issues, whether the root cause is technical or, as we have discovered in many cases, social. Community engagement has often proven to be the missing piece of the puzzle in this ever changing landscape, and lessons learned from these engagements are invaluable as we continue forward to the next phases of large-scale collaborative science.

Speaker Bio:
Doug Southworth is a Network Systems Analyst for International Networks at Indiana University, working with EPOC, perfSONAR, and NetSage in both developer and science engagement roles, focusing on performance analysis. Prior to working at IU, Southworth has held senior systems engineer positions with several state and federal agencies, including his last position with the United States Courts.

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

Trusted CI welcomes Engagement and Performance Operations Center as new partner

Trusted CI is happy to welcome the Engagement and Performance Operations Center (EPOC) as a new Trusted CI partner. EPOC was recently established “as a collaborative focal point for operational expertise and analysis and is jointly lead by Indiana University (IU) and the Energy Sciences Network (ESnet). EPOC will enable researchers to routinely, reliably, and robustly transfer data through a holistic approach to understanding the full pipeline of data movement to better support collaborative science.”

Cybersecurity and networking performance often intersect in ways that will benefit from this collaboration. This partnership will allow us to bring expertise together when called for by the community.

EPOC joins a growing list of Trusted CI partners, leading projects and organizations, we collaborate with to serve the open science community:

• The Science Gateways Community Institute (SGCI) by advising gateway developers on cybersecurity issues and providing security reviews for existing gateways
• ESnet on developing a threat profile for open science
• EU Authentication and Authorisation for Research and Collaboration project on enabling use of identity federations for international research collaborations
• Open Science Grid, XSEDE, and REN-ISAC on situational awareness for NSF CI projects
• NSF CICI Regional Cybersecurity Collaboration projects: CORE, SAC-PA, SCEPTRE, and SouthEast SECURE