GÉANT Community Programme Building the community Klaas Wierenga Chief Community Support Officer GÉANT Information day, Tirana, 5th April

Membership Association = very large community to serve
GÉANT Association supports and represents over 40 NRENs across Europe. Together they support over 10,000 institutions and 50 million academic users.

Community events & clusters: the heart of GÉANT
GÉANT invests in the research and development of network architectures, technologies and paradigms to develop into the services, processes, tools and network capabilities of tomorrow.
- Community Conference
- Special Interest Groups and Task Forces
- Research Programmes
- Service Development

TNC
The GÉANT community's flagship conference. Regular attendance of over 700 participants from all across the world. Bringing together decision makers, networking and collaboration specialists, and identity and access management experts from all major European networking and research organisations, universities, worldwide sister institutions, as well as industry representatives.
tnc18.geant.org

Special Interest Groups & Task Forces
Special Interest Groups (SIGs) & Task Forces (TFs):
- Enable collaboration across the community for the development of the next generation of networking technologies and services.
- Explore emerging issues in research and education networking, develop strategies and solutions to address them.
- Produce and test fresh and innovative ideas applied through specific research activities and initiatives.
- Welcome grass roots and world experts.
SIGs and TFs receive secretariat support from GÉANT with funding through the (GN4-2) GÉANT Project.
More info: https:///people/community_programme/pages/home.aspx

Special Interest Groups & Task Forces

Transforming community ideas to outputs that meet community needs: enhancing security portfolio

Sharing is caring - transparency of outcomes
https://blog.geant.org and https://www.inthefieldstories.net

Above the Net Services Trust & Identity, Security, Cloud Klaas Wierenga Chief Community Support Officer GÉANT Information day, Split, 6th June

Trust, Identity & Security
Supporting users and enabling secure access to services
- eduroam - secure global roaming access service. 250+ million authentications per month in 89 territories
- eduGAIN - interconnects identity federations around the world, simplifying access to content, services and resources. ~3500 identity providers accessing services
- AARC project collaborating with e-infrastructures, research collaborations, libraries & federations to share policies, architectures, training materials & pilots that avoid reinventing the authentication & authorisation wheel
- REFEDS supporting identity federations worldwide
- Trusted Introducer services for security and incident response teams
- Certificate Service delivering cost-effective digital certificates. In partnership with
- VPN services - Increased privacy and control, effective virtual teams across borders.
- NSHaRP Network Security Handling and Response Process detecting anomalous and mitigating security incidents

eduroam
Linking students to the global community
Free secure Wi-Fi provided by NRENs between campuses. A global network of users across 89 territories. More than 2 billion international authentications and counting.
A worldwide success story
From its early beginnings as a joint venture between a few European universities to today with millions of users in more than 80 territories worldwide, eduroam has been an amazing success story and an example of research and education collaboration.
www.eduroam.org

eduGAIN
Enabling secure Single Sign On services to global research and educational resources
Federated identities enable users to access a wide range of services using a single account sign-on managed by their 'home' institution.
- Improves access
- Improves security
- Reduces management overhead and costs.
March 2018:
- 49 Federations active
- 6 Federations with voting rights in process of joining
- 4526 entities (50% growth)

Existing capacity & expertise: eduGAIN depends on federations

InAcademia
Online student validation
InAcademia is a service being developed that simply validates to other services that the user is a student or staff member of the academic community.
- Helps service providers offer academic discounts online and in real time.
- A lightweight federated identity process with minimal attribute release (essentially a simple yes/no).
- Easy for Service Providers to implement.
- Removes need for scans of ID cards or primitive e-mail address-based 'authentication'.

InAcademia Flow overview (diagram)
Service Provider (RP)
1 - Is this user a student?
2 - Please login to prove affiliation
3 - IdP says Affiliation: Student
4 - Yes

Virtual Organisations: eduTEAMS Basic Services
eduTEAMS Membership Management service
- VO specific workflows for onboarding members
- Registry for VO persistent Identifier
- Limited set of attributes
- Accessible through eduGAIN
eduTEAMS Identity Hub
- One persistent (SAML) IdP for many Guest Identity Providers
  - Social (Google, Twitter, LinkedIn, Facebook)
  - NREN operated & Commercial Guest IdPs (UnitedID.org, eduid.se)
  - eGov (eIDAS) and BankID
- Provides Account recovery
- Available and accessible through eduGAIN
- Supports Research and Scholarship Entity Category

eduTEAMS Basic Services ecosystem (diagram; labels: COmanage, Service Provider, IdP, VOOT AA, AuthN: ID + attributes, SAML AA, eduTEAMS Membership Management, eduTEAMS Identity Hub, External IdP)

GÉANT VPN Services
MD-VPN
The GÉANT Multi-Domain Virtual Private Network (MD-VPN) provides an end-to-end international network service that enables scientists all over Europe to collaborate via a common private network infrastructure. MD-VPN can be used for connectivity between clusters, grids, clouds and HPC (high-performance computing) centres, allowing them to form virtual distributed resources for third-party research projects. MD-VPN offers fast delivery of VPNs to end users and so can be used in a variety of ways, from a long-term infrastructure with a high demand for intensive network usage to quick point-to-point connections for a conference demonstration.
L3 VPN
The GÉANT L3-VPN service provides NRENs with the backbone infrastructure to enable custom VPN services for their users across the GÉANT backbone.

NSHaRP
An Automated Incident Notification & Handling System.
- Supported by the GEANT OC (using the ticketing system)
- Detection and mitigation capability to GEANT borders.
- Adds value by serving as an extension to a NOC/CERT, by adding visibility to incidents targeting or originating from your network.

NSHaRP Detection - FlowMon ADS

NSHaRP Detection
- FlowMon templates and auto-alerting
- Based on criticality
- Per client basis
- Daily reports
- Events tracked by TTS
- From cert@oc.geant.net
- Automatic closure 5 days
- Filter/block
- Investigate

NSHaRP Mitigation: Firewall on Demand GUI

GÉANT Cloud Activity
- Collective hybrid multi-cloud approach, build and buy
- Public clouds: procure from commercial suppliers
- Community clouds: develop and operate sector specific solutions
- One digital single market, with many cloud services

Cloud adoption support for institutions
- Cloud contract repository (GÉANT intranet)
- Toolkits:
  - IaaS Service Matrix (online supplier comparison)
  - Data Classification Tool for risk assessment
- Communication material
  - User stories, showcases, good practices and instructions
  - 2-minute videos introducing IaaS FW portfolio
  - Fliers, news items, articles in CONNECT and other IT magazines
- Skills development: meetings, workshops, webinars
- Support from suppliers:
  - Events: technical workshops and trainings, webinars, presentations at conferences
  - Whitepapers
  - Test accounts

Cloud adoption support for NRENs
- GÉANT Funding: 6 months for Manpower for 2018 national IaaS Framework adoption
- Weekly online Cloud Forum every Friday at 10:00 CET: http://lifesizecloud.com/2750418
- Cloud contract repository (GÉANT intranet)
- Toolkits:
  - IaaS Framework Cookbook for NRENs
  - IaaS Service Matrix (online supplier comparison)
  - Data Classification Tool for risk assessment
- Communication material
  - Fliers, news items, articles in CONNECT and other magazines
  - User stories, showcases, good practices and instructions
  - 2-minute videos introducing IaaS FW portfolio
  - Speakers and presentations at events, slides
- Skills development: meetings, workshops, webinars

GÉANT Community Clouds Website
GÉANT clouds website, to better reflect the GÉANT cloud service delivery capabilities
- Newsfeed & Cloud events
- Cloud catalogue & IaaS Service Matrix
- User stories
- Maps for contacts
- Guidelines
- Contract Repository
- Button integration for all relevant information per country (in process)
- Chatbot (in process)
https://clouds.geant.org/

Thank you. Any questions?
GEANT Limited on behalf of the GN4 Phase 2 project (GN4-2). The research leading to these results has received funding from the European Union's Horizon 2020 research and innovation programme under Grant Agreement No. 731122 (GN4-2).