Network and Security infrastructure

Similar documents
Logical Network Design (Part II)

Open Exchange Policy

GÉANT Open Service Description. High Performance Interconnectivity to Support Advanced Research

General Purpose Servers

GÉANT Open Service Description. High Performance Interconnectivity to Support Advanced Research

Unit code: D/601/1956 QCF Level 5: BTEC Higher National Credit value: 15

GÉANT L3VPN Service Description. Multi-point, VPN services for NRENs

GÉANT IP Service Description. High Performance IP Services to Support Advanced Research

MyCloud Computing Business computing in the cloud, ready to go in minutes

GÉANT Plus Service Description. High Performance Cost-effective Connectivity

Global IP Network (GIN) Connects You to the World

LHC Open Network Environment. Artur Barczyk California Institute of Technology Baton Rouge, January 25 th, 2012

GRIDS INTRODUCTION TO GRID INFRASTRUCTURES. Fabrizio Gagliardi

Information Technology Security Guideline. Network Security Zoning

Course 20741B: Networking with Windows Server 2016

Federated E-infrastructure Dedicated to European Researchers Innovating in Computing network Architectures

Changing the Voice of

Virtualisierung nur im RZ? Werden Netzwerke immer komplexer? Göran Friedl Senior Network Consultant, Avaya Deutschland GmbH

Networks & Data Centres

Wireless access for Oxford University Staff on Oxfordshire NHS sites

HSCN Internet Protocol (IP) addressing policy

Fundamentals of Windows Server 2008 Network and Applications Infrastructure

EUMETSAT EXPERIENCE WITH MULTICAST ACROSS GÉANT

Cloud-Enable Your District s Network For Digital Learning

Experience working with Windows Server 2008 or Windows Server Experience working in a Windows Server infrastructure enterprise environment

NATO Communications and Information Systems School

The Virtualisation Security Journey: Beyond Endpoint Security with VMware and Symantec

Service Description Safecom Customer Connection Version 3.5

Update of Ankabut Jan 2010

"Charting the Course... MOC 6435 B Designing a Windows Server 2008 Network Infrastructure Course Summary

Network Virtualization for Future Internet Research

CompTIA Network+ Study Guide Table of Contents

COURSE 20741B: NETWORKING WITH WINDOWS SERVER 2016

Microsoft Lync Server 2010: Architecture

The New Infrastructure Virtualization Paradigm, What Does it Mean for Campus?

Security

20741 Networking with Windows Server 2016

Digital Advisory Services Professional Service Description SIP SBC with Field Trial Endpoint Deployment Model

Networking with Windows Server 2016

Level 1 Technical. Microsoft Lync Basics. Contents

VDI What is it? Virtual Desktop Infrastructure in Plain Vanilla. Clifford Gabriel Data Center and Virtualization Trends and Technologies Inc.

FEDERICA Federated E-infrastructure Dedicated to European Researchers Innovating in Computing network Architectures

CyberP3i Course Module Series

ISG-600 Cloud Gateway

Exam Questions

Network Security Policy

Chapter 1 B: Exploring the Network

Unified Threat Management

IPCOM EX Series for Realizing Network Stability and Safety

Dimension Data IaaS Services. Gary Ramsay

Contents. 1 General Terms. Page 1 of 8

Table of Contents Table of Contents...2 Introduction...3 Mission of IT...3 Primary Service Delivery Objectives...3 Availability of Systems...

EZY Intellect Pte. Ltd.,

Never Drop a Call With TecInfo SIP Proxy White Paper

PassReview. PassReview - IT Certification Exams Pass Review

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

NATO Communications and Information Systems School

GÉANT perspective of Virtual Networks and Implementation

CASE STUDY. Customer-at-a-Glance. Industry. Sophos Solutions. Fitas Flax Indústria e Comércio Ltda. Brazil. Manufacturing

Farzad Diba 333 East Juniper Court Mequon, WI (414)

FAQ Guide. i-mo 310 & 540 Series Bonding Routers. FAQ Guide. for the i-mo 310 & 540 Series Appliances

20741: Networking with Windows Server Course Content. Course ID #: W Hours: 35. Course Description: At Course Completion:

Parallel to NSX Edge Using Avi Vantage for North-South and East-West Load Balancing

Course Networking with Windows Server 2016

Edge for All Business

Deploy Microsoft SQL Server 2014 on a Cisco Application Centric Infrastructure Policy Framework

LANCOM Techpaper Advanced Routing and Forwarding (ARF)

Sample excerpt. HP ProCurve Threat Management Services zl Module NPI Technical Training. NPI Technical Training Version: 1.

Welcome to a world where technology flows through the heart of your business environment. Welcome to CDC

Juniper Solutions for Turnkey, Managed Cloud Services

Juniper Networks Switching: EX & QFX Series

EO Ground Segment Evolution Reflections by

JOB DESCRIPTION FOR SUPPORT STAFF

Microsoft Networking with Windows Server 2016

DELL EMC READY BUNDLE FOR VIRTUALIZATION WITH VMWARE AND FIBRE CHANNEL INFRASTRUCTURE

Mission Critical MPLS in Utilities

METAFABRIC ARCHITECTURE A SIMPLE, OPEN, AND SMART NETWORK FOR THE DATA CENTER

Evolution with End-to-End Data Center Virtualization

REDUCING THE COST OF METRO FIBRE ACCESS A SOLUTION GUIDE FOR SERVICE PROVIDERS

HSCN Technical & Security working group

Minnesota Microsoft Unified Communications User Group Welcome! March 26, 2009

Module 2a. Part 1 Deploying Microsoft Lync Server 2010

Huawei Emergency Command Network Solution Brochure-Detailed

Advancing European R&E through collaboration

Design and Deployment of SourceFire NGIPS and NGFWL

Chapter 10: Review and Preparation for Troubleshooting Complex Enterprise Networks

DEPLOYING AND EVOLVING FABRICS IN EXISTING NETWORKS. Scott Fincher Global Solutions Architect Avaya Networking

Cisco Firepower NGFW. Anticipate, block, and respond to threats

Unified Communications from West

VMworld disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no

NETLOGIC TRAINING CENTER

CoreNet for T2S Dedicated Link

MCSA: Windows Server MCSA 2016 Windows 2016 Server 2016 MCSA 2016 MCSA : Installation, Storage, and Compute with Windows Server 2016

Computers Are Your Future Eleventh Edition Chapter 7: Networks: Communicating & Sharing Resources

Mellanox Virtual Modular Switch

Community College LAN Deployment Guide

DIGITAL TRUST Making digital work by making digital secure

SCALABLE VEHICULAR AD-HOC NETWORKS DISTRIBUTED SOFTWARE-DEFINED NETWORKING

Cisco Network Architecture Blueprint For The NHS (C-NAB)

Answer the call to keep costs down

Transcription:

Network and Security infrastructure Industry Day, Bologna, 16 January 2019 Ahmed Benallegue Networks and Security Workstream Leader Bologna January Bologna 16, 2019 January 16, 2019

Agenda Introduction HLD Overview Fabric Layer Internet Edge Layer Security Layer: Firewall Nodes Auxiliary Services: DDI and NTP Auxiliary Services: Application Control and Load Sharing Procurement approach Q&A 2

Introduction The LAN network infrastructure is composed of the following components: Fabric Layer (or High Performance Network): used for the exchange of large amounts of operational data, most of which is hosted within our own data centres Architecture: IP Fabric or Spine-Leaf Offices Network: connects end-user devices such as workstations, telephones and printers, into the High Performance Network Architecture: two-tier collapsed core design 2 networks: Offices Network in Reading and Offices Network in Bologna Management & Monitoring Network: physically segregated network used to supports the administration and the monitoring of the IT systems operated by ECMWF at all sites Architecture: two-tier collapsed core design 3

Introduction ECMWF s HPN traffic trend over the last two-year (Jan 2017-Dec) Data traffic increase factor: 1.5 from 240Gbps to 360Gbps Total traffic handled by one of the two core switches: Expected data traffic increase multiplier factor for period 2017-2023: 3.6 from 240Gbps to 864Gbps 4

Introduction ECMWF s HPN daily traffic trend Peaks at around 6am and 6pm: ECMWF products dissemination Total traffic handled by one of the two core switches over a 24h-period, 10-11 January 2019: 5

Introduction The WAN aspects ECMWF's Internet connection comprises dual links to JANET in Reading and GARR in Bologna, respectively the United Kingdom s and Italy s National Research and Education Network (NREN) JANET and GARR have high speed connections to the rest of the Internet, especially to the GÉANT network, which provides a high speed backbone between most research networks within Europe and the US ECMWF is also connected to the RMDCN (Regional Meteorological Data Communication Network), a private IPVPN that provides a computer network infrastructure for the meteorological community in World Meteorological Organisation Region VI, and beyond in its capacity as one of the WMO community s Core Networks The Internet Edge Layer: the component that connects the LAN infrastructure to the WAN 6

Introduction The Internet connections are used for a variety of activities: Exchange of meteorological data between ECMWF's site located in Reading, UK, and ECMWF's Data Centre site located in Bologna, Italy; Dissemination of meteorological data to ECMWF's Member and Cooperating States as per ECMWF's convention; Acquisition of meteorological data from ECMWF's Member and Cooperating States as per ECMWF's convention; Web-browsing and specific VPN services offered by ECMWF to ECMWF staff, contractors and other relevant personnel to provide and maintain ECMWF services; Generic web-browsing services offered by ECMWF to ECMWF staff, contractors and other relevant personnel; Transfer of meteorological data between ECMWF and its partners through various tools provided by ECMWF; Dissemination of meteorological data to other ECMWF partners, including commercial customers. 7

Introduction ECMWF s Internet traffic trend over the last two-year (Jan 2017-Dec) Total traffic going through ECMWF s Internet circuits 8

Introduction The Security Layer protects ECMWF IT systems from internal and external threats Defence in depth approach Security Layer: Firewall Nodes Network security layer NGFW firewall Application-layer firewall VPN NAT Intrusion Protection System (IPS) Management of elephant flows Offices security layer Offices firewall Unified Threat Management (UTM): Web filtering and application control Management and monitoring of the security layer 9

Introduction The Network and Security infrastructure is also used to provide essential enabling Auxiliary Services Auxiliary Services: DDI and NTP Auxiliary Services: Application Control and Load Sharing Operational needs 24/7/365 service availability 10

HLD Overview 11

Fabric Layer The network backbone that interconnects the other network components together to provide connectivity to all IT systems It will be based on an IP Fabric or Leaf-Spine architecture It will be based on a multi-site topology with two physically segregated networks deployed in the two Data Halls Very high service availability of the resulting infrastructure Highly scalable as it can easily scale and expand to interconnect with other sites Connectivity types: 10GbE, 25GbE and 100GbE Number of ports Very rough figures based on fully populated racks: Network connectivity: ~300 x 10GbE, ~50 x 25GbE and ~400 x 100GbE Server connectivity: ~1600 x 10GbE/25GbE (mainly 25GbE) 12

Internet Edge Layer Joins the data centre to the WAN through ECMWF s Internet, RMDCN and SIP-based telephony circuits 2x100Gbps Internet circuits provided by GARR 2x1Gbps RMDCN circuits provided by GTT (formerly known as Interoute) Telephony SIP trunks connectivity Used to provide the Reading-Bologna site-to-site connectivity 13

Security Layer: Firewall Nodes Monitors and controls the flow of data traffic to protect ECMWF from internal and external threats Includes various hardware and software elements to protect the data centre and other network infrastructures such as Offices and M&M networks Total traffic handled by the current firewall cluster over a 24h period (13-14 January 2019): 14

Auxiliary Services Provides essential enabling auxiliary services for other IT service providers at ECMWF Auxiliary Services: DDI and NTP DDI: DNS, DHCP and IPAM services NTP services Auxiliary Services: Application Control and Load Sharing Service delivery services Load balancing services 15

Procurement approach Two ITTs for the following component groups Fabric Layer Internet Edge Layer Offices Network in Bologna Management & Monitoring Component Groups Three ITTs for the following components Component Security Layer: Firewall Nodes Auxiliary services: DDI and NTP Auxiliary services: Application Control and Load Sharing 16

Q&A Grazie mille! 17

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback