SciPass: 100G OpenFlow Science DMZ
Time 10/29/14 01:30PM-02:15PM
SciPass is an open source project lead by the GlobalNOC at Indiana University and developed in collaboration with the IU Security Office, ESnet, and the Bro team. This session will introduce SciPass and go into its use case and capabilities, our implementation experience, and its current development status. Additionally, with the help of our development collaborators and Brocade, we will provide a live demonstration of the system performing large-scale science data transfers.
SciPass provides a security enhanced Science DMZ that employs state of the art IDS fingerprinting techniques to identify trusted science data transfers, bypassing limited infrastructure components (such as institutional firewalls) and enabling better utilization of 100G campus connectivity. The SciPass system consists of a cluster of Bro Intrusion Detection System (IDS) sensors, a capable OpenFlow Switch, and the SciPass application.
SciPass is designed to use security capabilities to increase rather than decrease performance, as is often the case. The system operates as an adaptive load balancer sending traffic to the Bro Cluster. As trusted flows are identified, the sensor signals this to the SciPass application, which then installs a bypass into the switch to avoid the institutional firewall.
Speaker Ed Balas Indiana University
Primary track Advanced Networking/Joint Techs
Secondary tracks Security