November 12, 2014

Indiana University Unveils SciPass

BLOOMINGTON, Ind., Nov. 12 — Networking and IT security experts at Indiana University have joined forces to change the way university networks handle the massive data sets that are crucial to discovery. Their innovation, a software-defined networking (SDN) system called SciPass, makes large data transfers faster and more affordable without sacrificing network security.

Like most institutions whose researchers need to generate and analyze large data sets, IU operates a Science DMZ to optimize data transfers while providing appropriate security features. Although dedicated to big data, the Science DMZ has to comply with institutional security policies designed to protect data and infrastructure while maintaining usability. Firewalls often enforce these policies, but they have been shown to slow data transfer, acting as a significant performance roadblock.

The experts at IU’s Global Research Network Operations Center (GlobalNOC) knew there had to be a better way. SciPass was born out of their work with the University Information Security Office. In essence, SciPass provides a security-enhanced Science DMZ that employs state-of-the-art techniques to identify trusted science data transfers, bypassing institutional firewalls and enabling better use of IU’s 100G campus connectivity.

“Our objective was to build a system that would balance the needs of the researchers, the security staff and the network staff to express and enforce security policy. Ultimately, SciPass uses the security apparatus to improve the researcher’s experience,” said Ed Balas, manager of GlobalNOC’s software engineering group. “Security policies are not going away, and SciPass provides a new technique to enforce them while simultaneously supporting high-speed data transfers.” Balas explained that the system uses an OpenFlow-based, fine-grained firewall bypass technique. Because large data flows are being diverted from the main IU network, security engineers can install smaller, more affordable firewalls or possibly slow the upgrade cycle in the future.

“From a security perspective, large scientific data transfers are usually uninteresting and strain limited network monitoring resources,” said Keith Lehigh, IU lead security engineer. “Using SciPass helps redirect those transfers so we can provide more reliable monitoring without busting budgets or impeding research. Unimpeded researchers are going to be happy users and happy users make a security professional’s job easier.”

SciPass is currently in beta and is starting preproduction evaluations on the IU network. GlobalNOC staff members are hopeful about broad deployment in the future. To spread the word, Balas and his colleague AJ Ragusa will present the paper, “SciPass: a 100Gbps capable secure Science DMZ using OpenFlow and Bro,” at the Supercomputing 2014 conference (SC14), taking place in New Orleans November 16-21. They will also demonstrate SciPass as part of the SC14 workshop, “Innovating the Network for Data-Intensive Science,” and in IU’s SC14 booth.

The team would like to thank its testing partners at the Indiana Center for Network Translational Research and Education (InCNTRE) and its Software-Defined Networking Interoperability Lab, and at Brocade Communications Systems, which provided key technical and hardware support required for testing.

To read more about SciPass, including technical details, see: http://globalnoc.iu.edu/sdn/scipass.html

Datanami