PROPOSAL FOR A UMICH/CERN AUTHENTICATED QOS
Research Participants, University of Michigan:
William A. (Andy) Adamson, Assistant Director, Center for Information
Technology Integration (CITI)
Robert C. Ball, Senior Engineering Research Associate, Department of Physics
Shawn P. McKee, Assistant Research Scientist, Physics Department
Homer A. Neal, Director, UM ATLAS Collaboratory Project, Samuel A. Goudsmit
Professor of Physics
Jeffrey C. Ogden, UM Internet2 Coordinator, Associate Director, Merit Network
Victor K. Wong, Academic Liaison and Director, IT for Research, Office of the
CIO
INTRODUCTION
We propose a research and development project that will, for the first time,
advance the state of the art for practical deployment of distributed
applications that rely on quality-of-service (QoS) guarantees from the network
infrastructure. Although the architectural specifications of QoS reservations
are still being developed, it is critical that the initiation of R/D in this
area begin immediately to address the issues of authentication and
authorization. We propose development of a distributed application that
requests network resources from a local bandwidth broker (BB), which in turn
forwards the request through the BB infrastructure to the BB in the destination
network. Before authorizing a resource request, BBs authenticate the
requester, based on the presentation of public key (PK) credentials. We propose
to base BB authorization on the Akenti Authorization Service, which inspects
the requester's PK credentials and matches her resource usage requirements with
a policy statement.
Our effort will implement this architecture to inter-operate with existing
standard protocols and services, and will provide a demonstration of a
distributed, resource-controlled application running between the University of
Michigan in Ann Arbor (UMICH) and the European Organization for Nuclear
Research in Geneva (CERN). The large-scale, international ATLAS high energy
physics research project, being conducted in a massively distributed
environment, will be used as the test-bed.
PROJECT OVERVIEW
We propose constructing the minimal network and security infrastructure
configuration needed to:
We will then add this secure QoS reservation ability to CITI's (Center for
Information Technology Integration) extensions to VIC and VAT, the Mbone video
and audio applications, and demonstrate with audio and video, secure and
authenticated reservation of QoS resources between remote realms.
Because this is an early demonstration project, there will still be significant
hands-on router configuration on the network infrastructure not controlled by
participating bandwidth brokers. The results of this project will help to
determine whether it will be useful to proceed with the development of an
application API.
The full research proposal for the activities to be managed at CITI is attached
to this proposal, and is also available on the web at:
http://www.citi.umich.edu/u/andros/UM-CERN_qos_proposal.htm
PROJECT PARTNERS
Researchers from the following organizations are dedicating effort to this
project:
The bulk of the project will be managed by Andy Adamson in CITI. Homer Neal and
two research scientists in Physics, Bob Ball and Shawn McKee, will work in the
later phases of the project when Physics provides the real-world test-bed
using an actual video application on the connection between UM and CERN. (It is
anticipated that ITCom will provide QoS on their part of the path and work
with Physics to ensure that one building network is ready.)
Jeff Ogden, Merit and ITD, has committed personnel who will implement QoS
within the Michigan GigaPoP and coordinate work with the UM on one end and
UCAID/Abilene on the other.
We anticipate that Linda Winkler of Argonne National Laboratory will provide a
BB implementation to be used, will test the authorization payload in Argonne's
BB testbed, and will run an authorization-enabled BB in the final phase of the
project for the connection between UM Physics and CERN.
Ted Hanss, UCAID/Internet2, has committed personnel who will describe the
Internet2 connection between UMICH and CERN and the means by which a
diffserv-enabled connection between UMICH and CERN can be established. In
addition, they have requested external funds for this project in a recent
request to the NSF. Should this funding become available, it will be used to
reduce the funding commitment at UM.
Olivier Martin, head of the CERN networking group, has committed personnel who
will install CITI's authentication and authorization services. CERN will
provide any necessary equipment and personnel to do the real-world test with UM
Physics in the later phases of the project.
One full-time Graduate Student Research Assistant will be hired for this
project. In addition, there will be undergraduate students from Physics
involved in the later phases of the project.
ADVANTAGES OF UM'S INVOLVEMENT
We believe that UM is singularly well-suited to carry out the proposed project.
UM is one of the largest and most comprehensive research universities in the
US, and one of only a handful of universities with targeted programs in
collaborative studies. UM is also nationally recognized as one of the most
innovative in linking undergraduate education and research (RAIRE Award, UROP
Program), and one with faculty talent that has demonstrated its capability to
develop nationwide networks (NSFNET) and Internet browsers (Mosaic). UM is
closely affiliated with consortia developing the next generation Internet
(UCAID-Internet2, ALLIANCE). Finally, the fact that we are engaging the
challenges of collaboratory studies at CERN - where the World Wide Web was
first developed - positions us to carry out the planned R/D in an almost ideal
setting.
STRONG HIGH ENERGY PHYSICS TEAM AT MICHIGAN
Members of the Michigan High Energy Physics Group are centrally involved in a
variety of key phases of the ATLAS experiment, ranging from the prototyping,
construction and commissioning of a significant portion of the muon
spectrometer, responsibility for the overall muon database and the muon system
trigger electronics, key portions of the collaboration's software training
initiatives, the experiment's trigger database design, and several analysis
projects. These require the ability to communicate regularly, using
sophisticated shared applications, with other members of the collaboration as
well as with dispersed students, faculty and scientists in the Michigan
group itself. Advances in networking protocols are necessary to further this
research.
ABILITY TO IMPACT UNDERGRADUATE EDUCATION
Michigan also shares responsibility for the NSF REU (Research Experiences for
Undergraduates) program at CERN in which, for the first time, U.S. students are
fully participating in the prestigious CERN Summer Student Program. In the
future, this link to undergraduate education will provide special opportunities
to involve motivated students to help test various new distance learning
paradigms in the context of an advanced, high bandwidth, QoS environment. The
results will ultimately improve and enhance networking for all university
students.
DEVELOPMENT OF NETWORKING EXPERTISE AT UM
The development of in-house expertise in the area of QoS and advanced
networking strategies will strengthen UM's ability to attract the very best
information technology faculty, students and staff. Additionally, this project
continues moving UM's network infrastructure in the direction necessary to
handle future demand for the resources, and works to solve the difficult
authentication and security issues that plague the current network.
ABILITY TO ATTRACT EXTERNAL FUNDING
The strong group of researchers committed to this project plans to move forward
with an implementation proposal to the NSF Infrastructure and Technology
Research (ITR) program during the next solicitation (estimated submission in
early 2001). The ability to demonstrate the University's commitment to this
research through this seed grant will strengthen our opportunity to attract
external funding for this project.
IMPACT ON UM COMMUNITY
It is the nature of modern science that complex problems must be tackled across
universities, industries and other organizations. While this current project
focuses on the needs of the ATLAS collaborators in the Department of Physics,
there are other groups on campus that will directly benefit from the results of
this research. Some examples include the SPARC (Space, Physics and Aeronomy
Research Collaboratory) Project, the Visible Human Project and the Great Lakes
Center for AIDS Research. These projects, like ATLAS or any other project that
must cross organizational boundaries, also face challenges with regard to
authentication and security, as well as difficulties in online communication
and shared workspace.
Although this work is focused on communication/collaboration between UM Physics
and CERN, this project offers the opportunity for UM to get started on QoS for
each of the networks/segments/domains. This real-world project is a good way
to experiment and gain the technical experience and expertise that will be
required in the long run. Success will benefit more than just UM Physics or
CERN.
Finally, no matter how much bandwidth is available to the UM community, there
will be issues related to the allocation of these resources to the highest
priorities. At present, these priorities compete equally with all other uses of
network bandwidth (like MP3 downloads). Advances in reservation,
authentication and security will give UM the head-start necessary to address
the allocation issue before it becomes a crisis.
CONCLUSION
We plan to initiate a set of carefully planned measurements that, in concert
with the growth in bandwidth and the advent of the new bandwidth reservation
technologies, will extend the power of the Internet to facilitate large-scale
collaborative efforts. The impact of these studies should be felt in numerous
areas well beyond the scientific project being used as the initial test-bed. We
propose to carry out this work employing, symbolically and in reality, a
transatlantic bridge that, on each end, will have an exceptionally talented
group of researchers committed to its success. By tightly coupling our R/D with
targeted applications, we intend to make sure that the technological advances
we develop will indeed promote the scientific collaborative process and help
lay the groundwork for university scientists being able to continue to
contribute to cutting edge scientific research at a very high level, even
though they, their colleagues and their students will be increasingly separated
by the dispersed nature of future large-scale research facilities.
BUDGET
*If UCAID receives NSF funding for this project, it will be used in part to
reduce UM’s commitment.
The following expenses will complete all phases of this project over 16 months.
CITI
GSRA (full-time for 14 months)
.5 STAFF (16 months) - Adamson
COMPUTERS (2 Sun solaris workstations)
CITI OVERHEAD
TRAVEL FROM UM TO CERN (TWO 2-week TRIPS)
CERN
COMPUTER (Sun solaris workstation)
.2 STAFF (engineer assigned to project)
UCAID
.2 ENGINEER
MERIT
.2 ENGINEER
PHYSICS
ROUTER EQUIPMENT AND WIRING FOR WEST HALL
HOURLY UNDERGRADUATE STUDENTS
ARGONNE
.2 ENGINEER
TOTAL PROJECT COST
Request to UM Units: CIO
PHYSICS/LSA
OVPR
Commitments from outside participants:
MERIT
CERN
ARGONNE
UCAID*