Tutorials, Workshops, & Co-Located Meetings
All Tutorials occur on Monday, October 15. To participate, you will need to REGISTER for the appropriate tutorial(s) or workshops as part of your EVENT REGISTRATION. Space is limited for each of these, so plan to register early! All activities take place at the host hotel Loews Royal Pacific.
TUTORIALS with an 8am start:
- Getting Started With Docker
- Introduction to Kubernetes
- TIER Access Governance with Grouper
- Network Automation
TUTORIALS with a 1pm start:
- Network Automation Hackathon
- Automated perfSONAR Provisioning with Ansible
- GEANT OIDC-plugin for Shibboleth IdP
- High Throughput Computation on the Open Science Grid
- IPv6 Solutions
- Routing Security
In this hands-on class, attendees will learn about Docker and how to get started with it. Areas covered will include installing Docker on your Mac or PC, Dockerfile and the image build process, pre-built images from Docker Hub/Docker Cloud, running containers, tying containers together (Docker Compose), and an overview of Docker orchestration (scheduling, scaling, and recovery: hands on with Docker Swarm, and an overview of other orchestration technology options, specifically Kubernetes).
At the conclusion of the session, attendees will have a working "dockerized" Apache HTTP Server (PHP) and database solution, along with the excitement to "dockerize" their enterprise.
1. Prior experience with Linux, Apache HTTP Server and MySQL is helpful but not required.
2. Examples/hands-on tutorials will be Linux-based, but native Docker for Windows will also be discussed where appropriate.
Containers have shifted the way applications are packaged and delivered. Their use with cloud-oriented services, data science and machine learning is skyrocketing, with the beneficial side effect of enabling reproducible research. This rise in use has made it necessary to explore and adopt better container-centric orchestration tools. Of these tools, Kubernetes, an open-source container platform born within Google, has become the de facto standard.
Kubernetes' API-driven, highly extensible design has led to its adoption by numerous vendors and projects. Powering the likes of Amazon, Google, Microsoft, and Red Hat, it has truly delivered a single, platform-agnostic API for managing infrastructure.
The aim of this tutorial is to introduce those application architects, developers, and system administrators who may already be familiar with container concepts to the architecture of Kubernetes. Through a series of lectures and hands-on exercises, attendees will explore the many facets of working in a Kubernetes environment. These exercises will be augmented with discussions and demonstrations of various practical application deployments, with the goal of attendees being able to come away from the tutorial with the knowledge to begin to consume Kubernetes as a platform for their own programs and services.
TIER access governance with Grouper and friends is a full-day, hands-on training session. Participants will be guided through a series of condensed and accelerated learning modules. The modules start with Grouper basics and progress through TIER access governance, Grouper security model, and Grouper administration. The session culminates in the afternoon with an access governance practicum that incorporates the TIER suite of components and provides a "full TIER stack" experience.
* Grouper Basics (101)
* Grouper Access Governance (201)
* Grouper Security Model (211)
* Grouper Administration (301)
* Access Governance Practicum (401)
The target audience is anyone interested in implementing access governance the “TIER way”, and includes novices and folks who already have some Grouper experience.
NOTE: Lunch is not provided; participants will be given a break in which they can take refreshment.
The Network Automation Workshop will provide a brief introduction to network automation using Ansible. Familiarity with YAML and Jinja2 is helpful but not required. Participants will need to bring a laptop and will be working with a virtual network lab.
This workshop will provide a basic introduction to network automation that may be helpful for the afternoon Network Automation Hackathon.
The Network Automation Hackathon will challenge teams to use automation tools to configure a specified network topology. Teams will be given access to a virtual network lab and jump host. The organizers will group teams based on indicated experience with automation.
Hackathon participants are not required to attend the morning Network Automation Workshop but may find it helpful, depending on level of experience.
This tutorial will cover the process for automated deployments of perfSONAR infrastructure using Ansible as a provisioning system. Participants will learn how to install and administer perfSONAR using pre-developed perfSONAR Ansible Galaxy Roles to author institution-specific playbooks. At the end of the class, participants will be able to quickly stand up and maintain their own arbitrarily large perfSONAR infrastructure using tools, scripts, and configurations presented in the class.
During the past few years, OpenID Connect (OIDC) has become a popular choice for implementing single sign-on to Web and native applications via a trusted third party. For SAML2, Shibboleth IdP is one of the most deployed open source identity providers in our communities. Within the GEANT 4-2 project's task "Next Generation Trust and Identity Technology Development", we have set as one of our goals providing a native-like OpenID Connect extension for Shibboleth IdP. Reaching the goal would benefit the numerous existing SAML2 Shibboleth IdP deployments by turning them also into OIDC Providers (OP).
For the attendees of the tutorial on the OIDC extension we will provide pre-prepared virtual machines having Shibboleth IdP already installed. The tutorial will cover:
- OIDC extension project developer resources -- We first introduce the project in general, its wiki, support channels and access to source code.
- Installation -- We will perform installation of the OIDC extension on top of a standard Shibboleth IdP installation.
- Trust Management & OP configuration -- The provided virtual machines have an OIDC Relying Party (RP) that needs to establish a trust relationship with the Shibboleth OP. We first visit the dynamic registration options and configure the OP to accept the RP's dynamic registration requests. Then we disable dynamic registration and establish trust by adding the RP to the OP's local metadata file. This section also covers OP configuration.
- Configuring Authentication -- We configure one or more of the OP's authentication methods to have OIDC-specific principals, so that the authentication method is selected based on the requested authentication context class reference (acr). This section covers both essential and nonessential acrs.
- Attribute Definitions -- We introduce OIDC encoders for attribute definitions. We also cover the different response types, their impact on attribute availability, and writing robust resolvers.
- Attribute Filtering -- We introduce new attribute filtering options to be used with OIDC RPs. We cover how to combine OIDC-specific options with existing ones and what can be expected from OIDC filtering options.
- Subject Identifier -- In this section, we introduce how the subject identifier is generated. We study the provided configuration files and make modifications to them.
- Credentials -- We introduce new JWK signing credentials.
- Profile Configurations -- We familiarize attendees with the provided profile configuration options. Profile configuration options may be used to configure RP-specific behaviour for OPs, such as token lifetimes.
At the end of the tutorial, attendees should know how the OIDC extension is installed and configured on an existing SAML2 Shibboleth IdP deployment.
Would you like to use distributed resources of the Open Science Grid, or just want to learn how to do large-scale high throughput computing? The format of this tutorial is a mix of lecture and hands-on exercises, so please bring your laptop and make sure you have an SSH client installed. You will be provided with a training account on OSG Connect which, during the tutorial, will be upgraded to a full user account.
After the tutorial, you will have full access to the OSG, know how to run and scale up workloads, and manage your data. If time permits, the OSG User Support team will also help get your own workload set up for execution on OSG. Tutorial topics include:
- Introduction to OSG Connect
- Job Scheduling with HTCondor
- Scaling Up Workloads
- Managing data
Ideal participants include researchers and computing facilitators interested in learning the principles of distributed high throughput computation on shared cyberinfrastructure.
This tutorial is for operators of IPv6 networks. These sessions are intended to address issues that current operators of IPv6 networks face day to day. If you operate an IPv4-only network at present, you are welcome to participate and get ideas on what lies ahead.
- Finding Users In The IPv6 Haystack
Jeff Harrington, NYSERNET
This tutorial will briefly touch on updates to the host addressing models for IPv6 over the last number of months. Acknowledging that tracking hosts (and, from that, users) is a crucial component of operating a campus network, we will then provide tools with which to gather host information for IPv6 addressing, show how to deploy them inside a production network, and present mechanisms to correlate IPv6 and IPv4 data in a dual-stack network.
- Building IPv6-Only Networks That Keep Everyone Happy
Alan Whinery, University Of Hawaii
This updated tutorial is about building "IPv6-Only" networks, as in: networks where only IPv6 is routed, and IPv4 connectivity is provided as a service. In 2016, Apple required applications in its App Store to support such environments, and in 2018 a growing proportion of client devices are ready to operate without IPv4 routing. We will provide information on how to build your IPv6-Only network, and help you understand why IPv6 is increasingly a best option to meet your emerging network requirements.
Please see: Video from the 2017 Internet2 Technology Exchange IPv6 Tutorials: http://ipv6hawaii.org/?p=388
Protecting the research and education network is a team activity that involves the community of network operators, both campuses and regionals. Embedded security is one of the goals of Internet2's Next Generation Infrastructure. This tutorial gives a brief overview of risks to network routing within the R&E community and some examples of the impact of even a small, malicious routing announcement. A global initiative that began in 2014, Mutually Agreed Norms for Routing Security (MANRS), takes one step toward preventing network attacks by taking on security as a shared responsibility between networks. Experts within the community will then give technical, hands-on demonstrations of how to implement the four easy-to-implement activities that comprise MANRS, including uRPF and RPKI. There will also be a talk from legal technologists from academia on how to overcome the legal and social obstacles to implementing RPKI.
A feature of Internet2 events is support for co-located meetings by groups with cross-over interest areas. For 2018, there are three co-located events planned: REFEDS, ESCC, and NetGurus.
Monday, October 15 (9:00am–5:00pm)
For registration information, see the 2018 Internet2 Technology Exchange registration page. Your registration includes morning and afternoon breaks, and lunch. Breakfast is on your own.
REFEDS articulates the mutual needs of research and education identity federations worldwide. Many participants represent national identity federations. For more on REFEDS, see refeds.org.
Fall 2018 ESnet Site Coordinator Committee (ESCC)
A separate registration is required to attend the Fall 2018 ESCC meeting ($325). Please contact Rebekah Mathews for details if you are interested in attending.
ESnet Site Coordinators Committee, or ESCC, meetings are held twice a year. The meetings provide a forum for the National Laboratory Site Coordinators and their staff to coordinate and plan network activities with ESnet staff, and with each other, on common networking issues where collective effort is necessary or beneficial. The next ESCC will be co-located with the 2018 Internet2 Technology Exchange in Orlando, Florida, October 18-19, 2018.
Friday, October 19 (9:00am–5:00pm)
NetGurus Dinner Thursday, October 18 at 6:00pm (dutch)
NetGurus is a group of campus Network Engineers/Architects that meets to contribute to and learn from each other for the betterment of the broader education and research community. Participants discuss networking topics in a round table format to encourage open discussion and knowledge sharing. Typically, they meet before or after a conference to discuss items of interest. Many times, topics are suggested ahead of time to encourage participation. To allow for orderly discussion and to maximize individual participation, meetings are limited to 30 attendees on a first-come, first-served basis. Also, please limit participants to a max of two (2) per institution. If you are interested in attending, please contact Dan Brisson (firstname.lastname@example.org) or Chris Cook (email@example.com) to RSVP and to suggest topics you wish to discuss during the meeting.
Additional details can be found at: https://spaces.internet2.edu/display/netguru/Fall+2018