GÉANT Community Programme - Building the community Klaas Wierenga - Eduroam
GÉANT Community Programme Building the community Klaas Wierenga Chief Community Support Officer GÉANT Information day, Tirana, 5th April www.geant.org
Membership Association = very large community to serve GÉANT Association supports and represents over 40 NRENs across Europe. Together they support over 10,000 institutions and 50 million academic users.
Community events & clusters – the heart of GÉANT GÉANT invests in the research and development of network architectures, technologies and paradigms to develop into the services, processes, tools and network capabilities of tomorrow. Community Conference; Special Interest Groups and Task Forces; Research Programmes; Service Development
TNC The GÉANT community's flagship conference. Regular attendance of over 700 participants from all across the world. Bringing together decision makers, networking and collaboration specialists, and identity and access management experts from all major European networking and research organisations, universities, worldwide sister institutions, as well as industry representatives. tnc18.geant.org
Special Interest Groups & Task Forces Special Interest Groups (SIGs) & Task Forces (TFs) Enable collaboration across the community for the development of the next generation of networking technologies and services. Explore emerging issues in research and education networking, develop strategies and solutions to address them. Produce and test fresh and innovative ideas applied through specific research activities and initiatives. Welcome grass roots and world experts. SIGs and TFs receive secretariat support from GÉANT with funding through the (GN4-2) GÉANT Project. More info: https://www.geant.org/People/Community_Programme/Pages/Home.aspx
Transforming community ideas to outputs that meet community needs: enhancing security portfolio
Sharing is caring - transparency of outcomes https://blog.geant.org and https://www.inthefieldstories.net
“Above the Net” Services Trust & Identity, Security, Cloud Klaas Wierenga Chief Community Support Officer GÉANT Information day, Split, 6th June
Trust, Identity & Security Supporting users and enabling secure access to services • eduroam - secure global roaming access service; 250+ million authentications per month in 89 territories • eduGAIN - interconnects identity federations around the world, simplifying access to content, services and resources; ~ 3500 identity providers accessing services • AARC project – collaborating with e-infrastructures, research collaborations, libraries & federations to share policies, architectures, training materials & pilots that avoid re-inventing the authentication & authorisation wheel • REFEDS – supporting identity federations worldwide • Trusted Introducer – services for security and incident response teams • Certificate Service – delivering cost-effective digital certificates. In partnership with • VPN services - Increased privacy and control, effective virtual teams across borders. • NSHaRP – Network Security Handling and Response Process – detecting anomalous and mitigating security incidents
eduroam Linking students to the global community Free secure Wi-Fi provided by NRENs between campuses. A global network of users across 89 territories. More than 2 billion international authentications and counting. A worldwide success story From its early beginnings as a joint venture between a few European universities to today – with millions of users in more than 80 territories worldwide, eduroam has been an amazing success story and an example of research and education collaboration. www.eduroam.org
eduGAIN Enabling secure Single Sign On services to global research and educational resources Federated identities enable users to access a wide range of services using a single account sign-on managed by their 'home' institution • Improves access • Improves security • Reduces management overhead and costs. March 2018: 49 Federations active; 6 Federations with voting rights in process of joining; 4526 entities (50% growth)
Existing capacity & expertise – eduGAIN depends on federations
InAcademia Online student validation InAcademia is a service being developed that simply validates to other services that the user is a student or staff member of the academic community. Helps service providers offer academic discounts online and in real time. A lightweight federated identity process with minimal attribute release (essentially a simple yes/no). Easy for Service Providers to implement. Removes need for scans of ID cards or primitive e-mail address-based 'authentication'.
InAcademia – Flow overview Service Provider (RP): 1- Is this user a student? 2- Please login to prove affiliation 3- IdP says Affiliation: Student 4- Yes
Virtual Organisations: eduTEAMS Basic Services • eduTEAMS Membership Management service • VO specific workflows for onboarding members • Registry for VO persistent Identifier • Limited set of attributes • Accessible through eduGAIN • eduTEAMS Identity Hub • One persistent (SAML) IdP for many ‘Guest’ Identity Providers • Social (Google, Twitter, LinkedIn, Facebook) • NREN operated & Commercial Guest IdPs (UnitedID.org, eduID.se) • eGOV (eIDAS) and BankID • Provides Account recovery • Available and accessible through eduGAIN • Supports Research and Scholarship Entity Category
eduTEAMS Basic Services ecosystem (diagram labels: IdP; External IdP; Service Provider; COmanage; VOOT AA; SAML AA; eduTEAMS Membership Management; eduTEAMS Identity Hub; AuthN: ID + attributes)
GÉANT VPN Services MD-VPN The GÉANT Multi-Domain Virtual Private Network (MD-VPN) provides an end-to-end international network service that enables scientists all over Europe to collaborate via a common private network infrastructure. MD-VPN can be used for connectivity between clusters, grids, clouds and HPC (high-performance computing) centres, allowing them to form virtual distributed resources for third-party research projects. MD-VPN offers fast delivery of VPNs to end users and so can be used in a variety of ways, from a long-term infrastructure with a high demand for intensive network usage to quick point-to-point connections for a conference demonstration. L3 VPN The GÉANT L3-VPN service provides NRENs with the backbone infrastructure to enable custom VPN services for their users across the GÉANT backbone.
NSHaRP • An Automated Incident Notification & Handling System. • Supported by the GÉANT OC (using the ticketing system) • Detection and mitigation capability to GÉANT borders. • Adds value by serving as an extension to a NOC/CERT, by adding visibility to incidents targeting or originating from your network.
NSHaRP Detection - FlowMon ADS
NSHaRP Detection – FlowMon templates and auto-alerting • Based on criticality • Per client basis • Daily reports • Events tracked by TTS • From cert@oc.geant.net • Automatic closure – 5 days Filter/block Investigate
NSHaRP Mitigation – Firewall on Demand GUI
GÉANT Cloud Activity Collective hybrid multi-cloud approach, build and buy • Public clouds: procure from commercial suppliers • Community clouds: develop and operate sector specific solutions One digital single market, with many cloud services
Cloud adoption support for institutions • Cloud contract repository (GÉANT intranet) • Toolkits: • IaaS Service Matrix (online supplier comparison) • Data Classification Tool for risk assessment • Communication material • User stories, showcases, good practices and instructions • 2-minute videos introducing IaaS FW portfolio • Fliers, news items, articles in CONNECT and other IT magazines • Skills development: meetings, workshops, webinars • Support from suppliers: • Events: technical workshops and trainings, webinars, presentations at conferences • Whitepapers • Test accounts
Cloud adoption support for NRENs • GÉANT Funding: 6 months for Manpower for 2018 national IaaS Framework adoption • Weekly online Cloud Forum every Friday at 10:00 CET: http://lifesizecloud.com/2750418 • Cloud contract repository (GÉANT intranet) • Toolkits: • IaaS Framework Cookbook for NRENs • IaaS Service Matrix (online supplier comparison) • Data Classification Tool for risk assessment • Communication material • Fliers, news items, articles in CONNECT and other magazines • User stories, showcases, good practices and instructions • 2-minute videos introducing IaaS FW portfolio • Speakers and presentations at events, slides • Skills development: meetings, workshops, webinars
GÉANT Community Clouds Website GÉANT clouds website, to better reflect the GÉANT cloud service delivery capabilities: Newsfeed & Cloud events; Cloud catalogue & IaaS Service Matrix; User stories; Maps for contacts; Guidelines; Contract Repository; “Button” integration for all relevant information per country (in process); Chatbot (in process). https://clouds.geant.org/
Thank you Any questions? © GEANT Limited on behalf of the GN4 Phase 2 project (GN4-2). The research leading to these results has received funding from the European Union’s Horizon 2020 research and innovation programme under Grant Agreement No. 731122 (GN4-2).