Slide 1Slide 1

Defining and Understanding Campus Policies associated with Integrating a Science DMZ into the Campus Environment

Moderator:

Wendy Huntoon, KINBER

Panelists:

Scott Baily, Colorado State University

Wallace Chase, Washington State University

Tony Brock, Oregon State University

Slide 2

Oregon State University

Slide 3

Oregon State University – Current Design

Slide 4

Oregon State University –Data Flows

Slide 5

Oregon State University – Technical Design

Slide 6

Oregon State University

Technology Portfolio Lifecycle:

1. Market Portfolio Analysis - Why do we want to do this?

2. Due Diligence/Internal Testing - Is this a good idea?

3. Executive Decision - Will this be part of the portfolio?

4. External Pilot - What does it take to do this well?

5. Deployment - Do customers know about this?

6. Support/Efficacy - Is our value optimized?

7. Metrics/Sunset - Is the value worth the service?

Slide 7

Oregon State University – Proposed Policies/Standards by Lifecycle Stage

5. Deployment1. Technical Requirements for connecting

2. Use requirements (AUP? and/or eligibility to connect?)

3. User training, education and communication of expectations

6. Support/Efficacy1. Maintenance

1. Appropriate tools for monitoring and archival of data

2. Hardware refresh/renewal (applies to both user and IT equipment)

3. User issues – who do the users call? Who are the first, second and third tiers of support?

2. Security/Monitoring (CISO’s Office)1. Data classification

2. Integration of compliance with NIST policies (if applicable)

3. Incident response and remediation procedures (compromised hosts, user notification, etc.)

4. Application of the 20 Critical Controls (require advanced, written agreement for auditing?)

5. User notification – communication of contact information and expectations

7. Metrics/Sunset1. Metrics and Review

1. Service Review – Is this still the appropriate design?

2. Annual Metrics – long-term documentation of performance

2. Sunset – Criteria for discontinuing service1. Termination of grant?

2. Minimum performance/age requirements

3. Change is type of use or purpose (i.e., is this still research or is it now “production”?)

4. User notification and consulting for potential alternative solutions

Slide 8

Washington State University

Slide 9Slide 9

High Speed Scalable Research CoreBuilding the backbone to support big data and unique research at WSU Pullman…

PAN-EDU-205

Slide 10Slide 10

Washington State University – Located in Pullman, WA (not Seattle…)

• Land-grant institution founded in 1890• Around 30k students• Several strong research programs that are data intensive

• Genomics• Atmospheric• Geologic• Shock Physics• National Smart Grid• TRIGA reactor

• History of very distributed infrastructure• Multiple HPC environments• Research spread across many locations• Solution needed to take these realities into account

Slide 11Slide 11

Slide 12Slide 12

Slide 13Slide 13

Slide 14

Colorado State University

Slide 15

CSU is located in Fort Collins, CO• Land Grant University founded in 1870• Approximately 30K Students• Research focus areas include

Engineering, Atmospheric and Environmental Sci., Bioinformatics

• Very decentralized IT environment• Moving toward the “condo model” for HPC

on campus• Partnering with CU to implement a shared

HPC system to be located in Boulder, CO

Slide 16

CSU’s Implementation of the Science DMZ

Slide 17

Science DMZ represents new service, challenges

• Unprecedented file transfer speeds are now possible• Many researchers are comfortable with the status quo• Lots of devils in the details• Exercising our governance process • No one said this would be easy!

Slide 18

Panel Discussion Questions• Who gets to connect to the research network? Who makes

the call who gets access?• All resources are limited, how do you deal with prioritization

of those resources?• Do you allow for “commodity” internet access on your

research network or just connections to “pure” research networks? What are the operational and security questions this brings up?

• There seems to be a paradox between what may be perceived as "lighter weight" security afforded by the Science DMZ and tighter controls being required from funding agencies, for example FISMA and NIH's Genomic Data Sharing (GDS) Policy. How are you dealing with this?