2019 Technology Exchange

Use Internet2 SiteID

Already have an Internet2 SiteID?
Sign in here.

Internet2 SiteID

Tutorials, Workshops, & Co-Located Meetings

NOTE: All events on this page require SEPARATE REGISTRATION; most have an associated FEE to help defray costs.



Most tutorials occur on Monday, December 9; one is scheduled on Tuesday morning, as well. To participate, you will need to REGISTER for the appropriate tutorial(s) or workshops as part of your EVENT REGISTRATION. Space is limited for each of these, so plan to register early! All activities take place at the host hotel Sheraton New Orleans.

TUTORIALS with an 8:30 a.m. start:

TUTORIALS with a 1:30 p.m. start:

TUTORIALS with an 8 a.m. start on Tuesday, December 10:

GÉANT Shibboleth IdP OIDC Plugin (8:30 a.m.-4:30 p.m. is FULL (waitlist available).

During the past few years, OpenID Connect (OIDC) has become a popular choice for implementing single sign-on to web and native applications via a trusted third party. For SAML2, Shibboleth IdP is one of the most deployed open-source identity providers in our communities. Within the GEANT 4-2 project, we first developed a native-like OpenID Connect extension for Shibboleth IdP. Now, in the GEANT 4-3 project, we have set a goal to maintain the extension and have it integrated upstream into the Shibboleth IdP codebase. Reaching the goal would benefit the numerous existing SAML2 Shibboleth IdP deployments by also turning them into OIDC Providers (OP).

For the attendees of the OIDC extension tutorial, we will provide prepared virtual machines having Shibboleth IdP already installed. The tutorial will cover:

  • Introduction to OIDC (a short introduction to protocol)
  • Installation (hands-on installation of the OIDC extension on top of standard Shibboleth IdP 3.4 installation)
  • Trust Management & OP configuration (both dynamic and static registration)
  • Configuring Authentication (special characteristics of OIDC when configuring authentication)
  • Attribute Definitions (OIDC encoders for attribute definitions)
  • Attribute Filtering (new attribute filtering options to be used with OIDC RPs)
  • Subject Identifier (how subject identifier is generated; also, review the provided configuration files and make modifications to them)
  • Credentials and Security Configuration (new JWK signing credentials and algorithm configurations)
  • Profile Configurations (familiarize attendees with the provided profile configuration options)
  • OAuth2 features (cover Token Revocation, Introspection, and flows [e.g., Device Flow])

By the end of the tutorial, attendees should have knowledge on how OIDC extension is both installed and configured to an existing Shibboleth (SAML) IdP deployment.

Network Automation (8:00 a.m.-5:00 p.m.)

This tutorial will cover:

  • Introduction to Network Automation (8-10 a.m.)
  • Network Data Modeling (10:30 a.m.-12 noon)
  • Applied Network Automation with Routing Security (1:30-5 p.m.)

Securing Coding Practices & Automated Assessment Tools (8:30 a.m.-4:30 p.m.)

High-performance computing increasingly involves the development and deployment of network and cloud services to access resources for computation, communication, data, instruments, and analytics. These services must assure data integrity and availability, while providing access to a global scientific and engineering community.

Securing your network is not enough. Every service that you deploy is a window into your data center from the outside world, and a window that could be exploited by an attacker.

This tutorial is relevant to anyone wanting to learn about minimizing security flaws in the software they develop or manage. We share our experiences gained from performing vulnerability assessments of critical middleware. You will learn skills critical for software developers and analysts concerned with security.

Software assurance tools – tools that scan the source or binary code of a program to find weaknesses – are the first line of defense in assessing the security of a software project. These tools can catch flaws in a program that affect both the correctness and safety of the code. This tutorial is also relevant to anyone wanting to learn how to use these automated assessment tools to minimize security flaws in the software they develop or manage.

Provisioning perfSONAR Infrastructure including Archivers and Cloud Nodes with Ansible (8:30 a.m.-11:30 a.m.)

This tutorial will cover how to use official Ansible playbooks and roles published by the perfSONAR Consortium to install and maintain a complete deployment. Participants will learn how to quickly provision and manage perfSONAR testpoints, toolkits, archivers, test mesh publishers, and MadDash dashboards in both traditional and cloud environments. Techniques can be applied to both legacy and new deployments.

Scaling Genomics Workflows with Kubernetes Hybrid Cloud Solutions (8:30 a.m.-11:30 a.m.)

Clemson University, Google and Cisco are collaborating to accelerate genomics research with Kubernetes-based cloud solutions. The systems genetics lab at Clemson, led by Dr. Alex Feltus (professor in the Clemson Dept. of Genetics & Biochemistry, faculty in the Clemson Center for Human Genetics and Biomedical Data Science & Informatics program, and Internet2 Board of Trustees member) is engaging CU students with the Google and Cisco teams to deploy a scalable Kubernetes solution to secure and process gigantic DNA data sets in a hybrid cloud environment. A core Feltus lab goal is to identify petascale research computing models that facilitate “normal” research labs (or collaborative group) in the unfolding transition of life science data analysis from the Excel-scale to the exascale. One model consists of mixing commercial cloud (e.g. GCP, CHC) with public compute resources (e.g. distributed research platform like The National Research Platform).

Google is providing its Google Cloud Platform (GCP) and Cisco is contributing its Cloud Platform (CCP) and Cloud Center (C3) software. CCP is a fully curated, lightweight, open container management platform for production grade environments, powered by Kubernetes, and reduces the complexity of configuring, deploying, securing, scaling and managing containers via automation across both on-premises and public cloud environments. C3 enables Clemson to test the automation of multi-cloud workload deployment and increase feature velocity, consistently enforce multi-cloud governance, and optimize cloud service consumption to reduce risk and cloud costs. This hands-on session is led by experienced life science domain researchers and will demonstrate the agility and flexibility of this multi-vendor hybrid cloud solution where DNA data is pulled from public genomics repositories, moved across Internet2 and regional networks, and processed with contemporary bioinformatics workflows in the cloud.

Implementing Virtual and Augmented Reality for Education (1:30 p.m.-4:30 p.m.)

Virtual and augmented reality is rapidly exploding as an important technology not just for entertainment, but as a way to radically enhance the way we interact with information and with each other. Educational institutions around the world are beginning to use virtual reality technology to enhance student outcomes. However, as with any new technology, best practices are few and far between, and the details and capabilities of solutions are rapidly evolving. In such an environment of rapid transformation, some of the best knowledge sources become our own peers who have gone before us ⁠— we can learn from both their setbacks and them successes. The University of Cincinnati Center for Simulations & Virtual Environments Research in conjunction with Internet2 will draw upon the experiences of educators and researchers around the country to give an overview of the current VR/AR technology landscape and a deep dive into how use VR/AR for education. This workshop will also incorporate hands on experiences with current VR/AR hardware ⁠— seeing is believing.

IPv6 Solutions Tutorial (1:30 p.m.-4:30 p.m.)

This tutorial will include multiple sessions of interest to anyone who currently operates a network that includes IPv6, and also for those who would like to consider it. This is the third year of IPv6 Solutions Tutorials at Internet2 Technology Exchange, produced by the Internet2 IPv6 Working Group.

Topics will include:

  • IPv6 For System Administrators ⁠— Tips, Tricks, Best Practices for End Users and Servers
  • Middleware, Infrastructure, and Strategy for Using IPv6 to Meet Emerging Challenges

Learning the Art of Feedback by Watching Gordon Ramsay (1:30 p.m.-4:30 p.m.)

Are you so starved for feedback that you would invite the Gordon Ramsay of your field to come and yell at you just so you feel something? Or do you feel like you are under a barrage of “do this, do that, fix this, this is all wrong!”

Feedback is a tricky thing. Even seasoned professionals are often vexed by it: giving feedback is hard and receiving it can be even harder. Yet, without the critical information that feedback gives us, it is very difficult to improve our organizations or ourselves. We must find a way to get better at this challenging practice; but how?

Gordon Ramsay’s media empire is centered on two things: food and feedback. And while his acerbic style would not be appropriate for (most) of our workplaces, the substance is strong. Chef Ramsay is consistent about providing feedback and the people who work around him know exactly where they (and he!) stand.

Can we learn to master the use of feedback in our personal and professional lives by learning some lessons from Chef Ramsay? In this fun, half-day workshop we will explore this question together. Using video examples from one of the world’s most colorful TV chefs, evidence-based practices, and the personal experience of workshop participants, we will learn together and come away understanding how to more effectively channel the art of feedback.

Segment Routing (Tuesday 8:00 a.m.-12:00 p.m.)

This tutorial will provide an introduction to segment routing. We'll discuss some of the design decisions, how it functions, and comparisons with alternative protocols (LDP and RSVP). Time and resourcing permitting, we'll have some hands-on activities with a virtual lab.

Some topics we'll cover:

  • Basic concepts
  • Protocol comparison
  • Topology Independent Loop Free Alternate (TI-LFA) - i.e., fast reroute
  • Traffic engineering
  • Advanced use cases


A feature of Internet2 events is support for co-located meetings and workshops by groups with cross-over interests. For 2019, these events are planned:

Cloud Security 101

Monday, December 9 (8:30 a.m.–11:30 p.m.)

This workshop will introduce participants to the security considerations of implementing and architecting cloud services. Participants will be asked to think through real world examples of security’s impact on designing and building for the cloud with a goal to provide actionable patterns to be implemented back on your home campus. The workshop will be broken down into the following sections: 

  • Structuring a Security Engagement with your Cloud Provider: Why technical people need to know the security implications of Cloud Contracts
  • Securing Cloud Access: Not all connectivity is the same
  • What is the difference between connecting to the cloud "privately" v "encrypted"?
  • How does application connectivity change the conversation around encryption?
  • What does "cloud native’" mean?
  • Can an application with a public IP be secured?
  • What is the role of a VPNs in cloud connectivity?
  • Securing Cloud Architectures: Tools to get the job done
  • How do you increase visibility across cloud workloads?
  • What tools exist to respond to a malware compromise on a cloud instance?
  • How does monitoring and logging differ in the cloud?
  • How can containers help (and hurt) your security posture?

I’m the Expert, Why Won’t You Listen to Me?

Free to registrants. Monday, December 9 (8:30 a..m.–11:30 a..m.)

Do you sometimes have difficulty communicating your ideas in ways that others understand? Do you have IT or cybersecurity communications or projects that involve researchers or other staff members? Do you find it difficult to discuss issues and implement solutions that correct the root issue and leave all parties feeling served and respected? 

The NSF funded Cyber-Ambassadors Professional Skills training program was designed to help address these types of challenges. Utilizing a well-researched pedagogical framework, the program provides effective tools to promote and develop skills to assist cyber infrastructure and IT professionals in working with teams and individuals with diverse backgrounds, experiences and goals. 

This half-day workshop will be full of fun and interactive exercises to provide hands-on experience to communicate about the complex technological challenges we face on a regular basis. Participants will practice and gain tools to better communicate with their team members and during their professional activities. 

This free workshop is open to everyone regardless of role or job level (though pre-registration is required to track the numbers). Please join us!

Hybrid Cloud for Academic Research and Hands-On with Microsoft Azure

Monday, December 9 (9:00 a.m.–4:00 p.m.)

This workshop is open to all TechX attendees interested in exchanging best practices on extending cyber infrastructure for academic research with cloud services and capabilities.   Participants will learn how to extend service portfolios with cloud native capabilities (IoT, AI, ML, Cognitive Services), integrate cloud capacity into existing scheduling models (bursting), and explore considerations for compliance, data management, and security (governance).  This workshop is relevant to all technologies and grounded in open standards.  Representatives from Microsoft will participate in the exchange, listen to attendee feedback and providing training, skills development, and product roadmap information on Microsoft Azure. 

The format will be a combination of presentations from peers, product reviews, problem solving for research, and demonstrations of the latest capabilities of Microsoft Azure as appropriate.  Hands-on workshops (HOW) session are scheduled to provide in-depth skills development for Microsoft Azure supporting cloud services for research.  Attendees are welcome to participate in all or some of the day’s activities.

9:00am - Humanware Sessions from PEARC

11:00am - HOW 1  Intro to Azure for Research Computing
Covering initial setup, provisioning accounts and services, resource controls, and integration with current tools

12:15pm - Lunch

1:00pm - HOW 2  Cloud Governance
Covering -Service Principals, Budget Management, Data Policies and Privacy

2:30pm - Delivering Research as a Service and Fostering Communities

4:00pm - Wrap Up

There is no fee for this workshop and lunch will be provided. Attend all or some of the activities.


Free to registrants.

Monday, December 9 (9:00 a.m.–5:00 p.m.)

For registration information, see the 2019 Internet2 Technology Exchange registration page. Your registration includes morning and afternoon breaks, and lunch. Breakfast is on your own.

REFEDS articulates the mutual needs of research and education identity federations worldwide. Many participants represent national identity federations. For more on REFEDs, see refeds.org.


Friday, December 13 (9:00 a.m.–5:00 p.m.)
NetGurus Dinner Thursday, December 12 -time TBD 

NetGurus is a group of campus Network Engineers/Architects that meet to contribute and learn from each other for the betterment of the broader education and research community. Participants discuss networking topics in a round table format to encourage open discussion and knowledge sharing. Typically, they meet before or after a conference to discuss items of interest. Many times, topics are suggested ahead of time to encourage participation. To allow for orderly discussion and to maximize individual participation, meetings are limited to 30 attendees on a first come, first serve basis. Also, please limit participants to a max of two (2) per institution.  If you are interested in attending, please contact Dan Schmiedt (willys@clemson.edu) or Charles Rumford (charlesr@isc.upenn.edu) to RSVP and for topics you wish to discuss during the meeting.

Additional details can be found here.