Building the community
Klaas Wierenga, Chief Community Support Officer
GÉANT Information day, Tirana, 5th April
GÉANT Community Programme
www.geant.org
Membership Association = very large community to serve
GÉANT Association supports and represents over 40 NRENs across Europe.
Together they support over 10,000 institutions and 50 million academic users.
Community events & clusters – the heart of GÉANT
GÉANT invests in the research and development of network architectures, technologies and paradigms to develop into the services, processes, tools and network capabilities of tomorrow.
Special Interest Groups and Task Forces
Research Programmes
Service Development
Community Conference
TNC
The GÉANT community's flagship conference.
Regular attendance of over 700 participants from all across the world.
Bringing together decision makers, networking and collaboration specialists, and identity and access management experts from all major European networking and research organisations, universities, worldwide sister institutions, as well as industry representatives.
tnc18.geant.org
Special Interest Groups & Task Forces
Special Interest Groups (SIGs) & Task Forces (TFs)
Enable collaboration across the community for the development of the next generation of networking technologies and services.
Explore emerging issues in research and education networking, develop strategies and solutions to address them.
Produce and test fresh and innovative ideas applied through specific research activities and initiatives.
Welcome grass roots and world experts.
SIGs and TFs receive secretariat support from GÉANT with funding through the (GN4-2) GÉANT Project
More info: https://www.geant.org/People/Community_Programme/Pages/Home.aspx
Transforming community ideas to outputs that meet community needs: enhancing security portfolio
Sharing is caring - transparency of outcomes
https://blog.geant.org and https://www.inthefieldstories.net
Trust & Identity, Security, Cloud
Klaas Wierenga, Chief Community Support Officer
GÉANT Information day, Split, 6th June
“Above the Net” Services
Trust, Identity & Security: Supporting users and enabling secure access to services
eduroam - secure global roaming access service. 250+ million authentications per month in 89 territories.
eduGAIN - interconnects identity federations around the world, simplifying access to content, services and resources. ~3500 identity providers accessing services.
AARC project – collaborating with e-infrastructures, research collaborations, libraries & federations to share policies, architectures, training materials & pilots that avoid re-inventing the authentication & authorisation wheel
REFEDS – supporting identity federations worldwide
Trusted Introducer – services for security and incident response teams
Certificate Service – delivering cost-effective digital certificates. In partnership with
VPN services - increased privacy and control, effective virtual teams across borders.
NSHaRP – Network Security Handling and Response Process – detecting anomalies and mitigating security incidents
eduroam: Linking students to the global community
Free secure Wi-Fi provided by NRENs between campuses.
A global network of users across 89 territories. More than 2 billion international authentications and counting.
A worldwide success story
From its early beginnings as a joint venture between a few European universities to today – with millions of users in more than 80 territories worldwide, eduroam has been an amazing success story and an example of research and education collaboration.
www.eduroam.org
eduGAIN: Enabling secure Single Sign On services to global research and educational resources
Federated identities enable users to access a wide range of services using a single account sign-on managed by their 'home' institution.
• Improves access
• Improves security
• Reduces management overhead and costs
March 2018:
49 Federations active
6 Federations with voting rights in process of joining
4526 entities (50% growth)
Existing capacity & expertise – eduGAIN depends on federations
InAcademia: Online student validation
InAcademia is a service being developed that simply validates to other services that the user is a student or staff member of the academic community. Helps service providers offer academic discounts online and in real time.
A lightweight federated identity process with minimal attribute release (essentially a simple yes/no).
Easy for Service Providers to implement.
Removes need for scans of ID cards or primitive e-mail address-based 'authentication'.
InAcademia – Flow overview
Service Provider (RP)
1- Is this user a student?
2- Please login to prove affiliation
3- IdP says Affiliation: Student
4- Yes
Virtual Organisations: eduTEAMS Basic Services
• eduTEAMS Membership Management service
  • VO specific workflows for onboarding members
  • Registry for VO persistent Identifier
  • Limited set of attributes
  • Accessible through eduGAIN
• eduTEAMS Identity Hub
  • One persistent (SAML) IdP for many ‘Guest’ Identity Providers
    • Social (Google, Twitter, LinkedIn, Facebook)
    • NREN operated & Commercial Guest IdPs (UnitedID.org, eduID.se)
    • eGOV (eIDAS) and BankID
  • Provides Account recovery
  • Available and accessible through eduGAIN
  • Supports Research and Scholarship Entity Category
eduTEAMS Basic Services ecosystem
[Diagram labels: Service Provider; VOOT AA; SAML AA; COmanage; eduTEAMS Membership Management; eduTEAMS Identity Hub; IdP (AuthN: ID + attributes); External IdP]
GÉANT VPN Services
MD-VPN
The GÉANT Multi-Domain Virtual Private Network (MD-VPN) provides an end-to-end international network service that enables scientists all over Europe to collaborate via a common private network infrastructure.
MD-VPN can be used for connectivity between clusters, grids, clouds and HPC (high-performance computing) centres, allowing them to form virtual distributed resources for third-party research projects.
MD-VPN offers fast delivery of VPNs to end users and so can be used in a variety of ways, from a long-term infrastructure with a high demand for intensive network usage to quick point-to-point connections for a conference demonstration.
L3 VPN
The GÉANT L3-VPN service provides NRENs with the backbone infrastructure to enable custom VPN services for their users across the GÉANT backbone.
NSHaRP
• An Automated Incident Notification & Handling System.
• Supported by the GEANT OC (using the ticketing system)
• Detection and mitigation capability to GEANT borders.
• Adds value by serving as an extension to a NOC/CERT, by adding visibility to incidents targeting or originating from your network.
NSHaRP Detection - FlowMon ADS
NSHaRP Detection – FlowMon templates and auto-alerting
• Based on criticality
• Per client basis
• Daily reports
• Events tracked by TTS
• From [email protected]
• Automatic closure – 5 days
Filter/block Investigate
NSHaRP Mitigation – Firewall on Demand GUI
GÉANT Cloud Activity
One digital single market, with many cloud services
Collective hybrid multi-cloud approach, build and buy
• Public clouds: procure from commercial suppliers
• Community clouds: develop and operate sector specific solutions
Cloud adoption support for institutions
• Cloud contract repository (GÉANT intranet)
• Toolkits:
  • IaaS Service Matrix (online supplier comparison)
  • Data Classification Tool for risk assessment
• Communication material
  • User stories, showcases, good practices and instructions
  • 2-minute videos introducing IaaS FW portfolio
  • Fliers, news items, articles in CONNECT and other IT magazines
• Skills development: meetings, workshops, webinars
• Support from suppliers:
  • Events: technical workshops and trainings, webinars, presentations at conferences
  • Whitepapers
  • Test accounts
Cloud adoption support for NRENs
• GÉANT Funding: 6 months for Manpower for 2018 national IaaS Framework adoption
• Weekly online Cloud Forum every Friday at 10:00 CET: http://lifesizecloud.com/2750418
• Cloud contract repository (GÉANT intranet)
• Toolkits:
  • IaaS Framework Cookbook for NRENs
  • IaaS Service Matrix (online supplier comparison)
  • Data Classification Tool for risk assessment
• Communication material
  • Fliers, news items, articles in CONNECT and other magazines
  • User stories, showcases, good practices and instructions
  • 2-minute videos introducing IaaS FW portfolio
  • Speakers and presentations at events, slides
• Skills development: meetings, workshops, webinars
GÉANT clouds website, to better reflect the GÉANT cloud service delivery capabilities
Newsfeed & Cloud events
Cloud catalogue & IaaS Service Matrix
User stories
Maps for contacts
Guidelines
Contract Repository
“Button” integration for all relevant information per country (in process)
Chatbot (in process)
GÉANT Community Clouds Website
https://clouds.geant.org/
Thank you
Any questions?
© GEANT Limited on behalf of the GN4 Phase 2 project (GN4-2).
The research leading to these results has received funding from
the European Union’s Horizon 2020 research and innovation programme under Grant
Agreement No. 731122 (GN4-2).