Tutorials, Workshops, & Co-Located Meetings
NOTE: All events on this page require SEPARATE REGISTRATION; most have an associated FEE to help defray costs.
Most tutorials occur on Monday, December 9; one is scheduled on Tuesday morning, as well. To participate, you will need to REGISTER for the appropriate tutorial(s) or workshops as part of your EVENT REGISTRATION. Space is limited for each of these, so plan to register early! All activities take place at the host hotel Sheraton New Orleans.
TUTORIALS with an 8:30am start:
- GÉANT Shibboleth IdP OIDC Plugin
- Network Automation
- Securing Coding Practices
- Provisioning perfSONAR Infrastructure
- Scaling Genomics Workflows with Kubernetes
TUTORIALS with a 1:30pm start:
- Ask Better Questions About Your Network with Nmap Scripting Engine
- Implementing Virtual and Augmented Reality for Education
- IPv6 Solutions
- Learning the Art of Feedback by Watching Gordon Ramsay
TUTORIALS with an 8am start on TUESDAY, DECEMBER 10:
During the past few years, OpenID Connect (OIDC) has become a popular choice for implementing single sign-on to web and native applications via trusted third party. For SAML2, Shibboleth IdP is one of the most deployed open source identity providers in our communities. Within the GEANT 4-2 project, we first developed a native-like OpenID Connect extension for Shibboleth IdP. Now, in the GEANT 4-3 project, we have set a goal to maintain the extension and have it integrated upstream into the Shibboleth IdP codebase. Reaching the goal would benefit the numerous existing SAML2 Shibboleth IdP deployments by turning them also into OIDC Providers (OP).
For the attendees of the tutorial on the OIDC extension, we will provide prepared virtual machines having Shibboleth IdP already installed. The tutorial will cover:
- Introduction to OIDC (a short introduction to protocol)
- Installation (hands-on installation of the OIDC extension on top of standard Shibboleth IdP 3.4 installation)
- Trust Management & OP configuration (both dynamic and static registration)
- Configuring Authentication (special characteristics of OIDC when configuring authentication)
- Attribute Definitions (OIDC encoders for attribute definitions)
- Attribute Filtering (new attribute filtering options to be used with OIDC RPs)
- Subject Identifier (how subject identifier is generated; also, review the provided configuration files and make modifications to them)
- Credentials and Security Configuration (new JWK signing credentials and algorithm configurations)
- Profile Configurations (familiarize attendees with the provided profile configuration options)
- OAuth2 features (cover Token Revocation, Introspection, and flows [e.g., Device Flow])
By the end of the tutorial, attendees should have knowledge on how OIDC extension is both installed and configured to an existing Shibboleth (SAML) IdP deployment.
This tutorial will cover:
- Introduction to Network Automation (8-10am)
- Network Data Modeling (10:30am-12N)
- Applied Network Automation with Routing Security (1:30-5pm)
High-performance computing increasingly involves the development and deployment of network and cloud services to access resources for computation, communication, data, instruments, and analytics. These services must assure data integrity and availability, while providing access to a global scientific and engineering community.
Securing your network is not enough. Every service that you deploy is a window into your data center from the outside world, and a window that could be exploited by an attacker.
This tutorial is relevant to anyone wanting to learn about minimizing security flaws in the software they develop or manage. We share our experiences gained from performing vulnerability assessments of critical middleware. You will learn skills critical for software developers and analysts concerned with security.
Software assurance tools – tools that scan the source or binary code of a program to find weaknesses – are the first line of defense in assessing the security of a software project. These tools can catch flaws in a program that affect both the correctness and safety of the code. This tutorial is also relevant to anyone wanting to learn how to use these automated assessment tools to minimize security flaws in the software they develop or manage.
Provisioning perfSONAR Infrastructure including Archivers and Cloud Nodes with Ansible (8:30AM-11:30AM)
This tutorial will cover how to use official Ansible playbooks and roles published by the perfSONAR Consortium to install and maintain a complete deployment. Participants will learn how to quickly provision and manage perfSONAR testpoints, toolkits, archivers, test mesh publishers, and MadDash dashboards in both traditional and cloud environments. Techniques can be applied to both legacy and new deployments.
Clemson University, Google and Cisco are collaborating to accelerate genomics research with Kubernetes based cloud solutions. The systems genetics lab at Clemson, led by Dr. Alex Feltus (professor in the Clemson Dept. of Genetics & Biochemistry, faculty in the Clemson Center for Human Genetics and Biomedical Data Science & Informatics program, and Internet2 Board of Trustees member) is engaging CU students with the Google and Cisco teams to deploy a scalable Kubernetes solution to secure and process gigantic DNA data sets in a hybrid cloud environment. A core Feltus lab goal is to identify petascale research computing models that facilitate “normal” research labs (or collaborative group) in the unfolding transition of life science data analysis from the Excel-scale to the exascale. One model consists of mixing commercial cloud (e.g. GCP, CHC) with public compute resources (e.g. distributed research platform like The National Research Platform).
Google is providing its Google Cloud Platform (GCP) and Cisco is contributing its Cloud Platform (CCP) and Cloud Center (C3) software. CCP is a fully curated, lightweight, open container management platform for production grade environments, powered by Kubernetes, and reduces the complexity of configuring, deploying, securing, scaling and managing containers via automation across both on-premises and public cloud environments. C3 enables Clemson to test the automation of multi-cloud workload deployment and increase feature velocity, consistently enforce multi-cloud governance, and optimize cloud service consumption to reduce risk and cloud costs. This hands-on session is led by experienced life science domain researchers and will demonstrate the agility and flexibility of this multi-vendor hybrid cloud solution where DNA data is pulled from public genomics repositories, moved across Internet2 and regional networks, and processed with contemporary bioinformatics workflows in the cloud.
Nmap is a free and open source tool used for network and service discovery, auditing, inventory, monitoring, and more. The Nmap Scripting Engine (NSE) is a framework allowing anyone to extend the built-in functionality by writing small but powerful scripts. This session will describe the range of possible uses of NSE, demonstrate how to use any of the many published scripts, and then demonstrate how to customize and write entirely new scripts. The ultimate goal is to show participants how they can translate sophisticated questions about their network into functional Nmap queries that provide immediate, actionable results. Demonstrations will be structured so that a participant has the option to use and learn NSE on their own system during the session.
Virtual and augmented reality is rapidly exploding as an important technology not just for entertainment, but as a way to radically enhance the way we interact with information and with each other. Educational institutions around the world are beginning to use virtual reality technology to enhance student outcomes. However, as with any new technology, best practices are few and far between, and the details and capabilities of solutions are rapidly evolving. In such an environment of rapid transformation, some of the best knowledge sources become our own peers who have gone before us - we can learn from both their setbacks and them successes. The University of Cincinnati Center for Simulations & Virtual Environments Research in conjunction with Internet2 will draw upon the experiences of educators and researchers around the country to give an overview of the current VR/AR technology landscape and a deep dive into how use VR/AR for education. This workshop will also incorporate hands on experiences with current VR/AR hardware - seeing is believing.
This tutorial will include multiple sessions of interest to anyone who currently operates a network that includes IPv6, and also for those who would like to consider it. This is the 3rd year of IPv6 Solutions Tutorials at Internet2 Technology Exchange, produced by the Internet2 IPv6 Working Group.
Topics will include:
- IPv6 For System Administrators - Tips, Tricks, Best Practices for End Users and Servers
- Middleware, Infrastructure, and Strategy for Using IPv6 to Meet Emerging Challenges
Are you so starved for feedback that you would invite the Gordon Ramsay of your field to come and yell at you just so you feel something? Or do you feel like you are under a barrage of “do this, do that, fix this, this is all wrong!”
Feedback is a tricky thing. Even seasoned professionals are often vexed by it: giving feedback is hard and receiving it can be even harder. Yet, without the critical information that feedback gives us, it is very difficult to improve our organizations or ourselves. We must find a way to get better at this challenging practice; but how?
Gordon Ramsay’s media empire is centered on two things: food and feedback. And while his acerbic style would not be appropriate for (most) of our workplaces, the substance is strong. Chef Ramsay is consistent about providing feedback and the people who work around him know exactly where they (and he!) stand.
Can we learn to master the use of feedback in our personal and professional lives by learning some lessons from Chef Ramsay? In this fun, half-day workshop we will explore this question together. Using video examples from one of the world’s most colorful TV chefs, evidence-based practices, and the personal experience of workshop participants, we will learn together and come away understanding how to more effectively channel the art of feedback.
This tutorial will provide an introduction to segment routing. We'll discuss some of the design decisions, how it functions, and comparisons with alternative protocols (LDP and RSVP). Time and resourcing permitting, we'll have some hands-on activities with a virtual lab.
Some topics we'll cover:
- Basic concepts
- Protocol comparison
- Topology Independent Loop Free Alternate (TI-LFA) - i.e., fast reroute
- Traffic engineering
- Advanced use cases
A feature of Internet2 events is support for co-located meetings and workshops by groups with cross-over interest areas. For 2019, these events are planned:
Monday, December 9 (9:00am–5:00pm)
For registration information, see the 2019 Internet2 Technology Exchange registration page. Your registration includes morning and afternoon breaks, and lunch. Breakfast is on your own.
REFEDS articulates the mutual needs of research and education identity federations worldwide. Many participants represent national identity federations. For more on REFEDs, see refeds.org.
Monday, December 9 (1:30pm–4:30pm)
Collaborative workshop between Indiana University and Internet2 male ally workgroups. We will discuss what their groups are doing and share experiences.
Monday, December 9 (8:30am–11:30pm)
This workshop will introduce participants to the technical, legal, and risk management considerations important to evaluating and selecting cloud services for campus deployment. Learn procurement strategies as well legal terms and conditions that make for successful cloud contracts and how to consider security and risk assessments for services. This will focus on how the information security team can work with the other stakeholders on campus to better manage risk around cloud services.
Monday, December 9 (1:30pm–5:30pm)
You’ve heard of Boss of the SOC (BOTS) and now it’s time to test your skills against the top Splunk security experts attending the Internet2 Technology Exchange! Even if you are new to Splunk or security, this event has something to offer. BOTS is the best place to see where you stand, understand how you can improve, and learn how to investigate real-world incidents in a safe, fun, and competitive environment. Get more details.