Abstract: Experimental science workflows from projects such as Compact Muon Solenoid (CMS) and Laser Interferometer Gravitational-Wave Observatory (LIGO) are characterized by data-intensive computational tasks over large datasets transferred over encrypted channels. The Science DMZ approach to network design favors lossless packet forwarding through a separate isolated network over secure lossy forwarding through stateful packet processors (e.g., firewalls). We propose ScienceSDS, a novel software defined security framework for securely monitoring large-scale science datasets over a software defined networking and network functions virtualization (SDN/NFV) infrastructure.
Abstract: Software Defined Networking (SDN) is driving transformations in Research and Education (R&E) networks, enabling innovations in network research, enhancing network performance, and providing security through a policy-driven network management framework. The Holland Computing Center (HCC) at the University of Nebraska-Lincoln (UNL) supports scientists studying large datasets, and has identified a need for flexibility in network management and security, particularly with respect to identifying data flows. This problem is addressed through the deployment of a production SDN with a focus on integrating network resource management for large-scale GridFTP data transfers. We propose SNAG (SDN-managed Network Architecture for GridFTP transfers), an architecture that enables the SDN-based network management of GridFTP file transfers for large-scale science datasets. We also show how SNAG can efficiently and securely identify science dataset transfers from projects such as Compact Muon Solenoid (CMS) and Laser Interferometer Gravitational-Wave Observatory (LIGO). We focus on exposing an Application Program Interface (API) between the trusted GridFTP process and the network layer allowing the network to track flows via application metadata.