by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : July 2014
HIGH-PERFORMANCE COMPUTING University or government scientists often demand high performance computing resources, which means researchers need access to ever larger datasets and a way to collaborate with widely dispersed teams of scientists. To create an environment to facilitate such compute-intensive work, USDA s Agricul- tural Research Service is expected to start laying the foundation for a Science DMZ network. The Department of Agriculture is just the latest in a growing num- ber of government agencies to use the concept. While many organiza- tions deploy a DMZ (after the term "demilitarized zone") to harden their regular business networks using security devices such as fire- walls, Science DMZs have special needs that require their own spe- cific designs. And it s not some- thing that can be created with high-speed connections alone. The firewalls that protect email, Web browsing and other applications can cause packet loss in the TCP/IP networks, for example, which can dramatically slow data speeds. For business applications that latency may be nothing more than a temporary an- noyance, but for scientific organizations, which need to shift many gigabytes of data at a time, it can be catastrophic. The question is how to provide the spe- cial conditions that scientists need to do their jobs, while at the same time mak- ing sure the data is sufficiently protected. To do that, the scientific data has to be handled separately from data generated by regular business applications that runs over the local-area network. A Science DMZ, which nevertheless is part of the agency s overall network topol- ogy, is typically located at or close to the agency s network perimeter, in many cases tied directly to the router that connects the research institution to the wide-area net- work. That guarantees the greatest pos- sible network speed for science data. Inside the Science DMZ there may still be many of the same devices as the LAN would have, except they are either spe- cially built and of much better quality, or they are especially configured to handle the volumes of data that the science ap- plications produce. Firewall input buffers have to be a lot larger than LAN firewalls, for example, because they need to handle far higher burst volumes of data. Given the smaller application set pro- ducing the data on the DMZ, firewalls could even be eliminated by filtering the data through switches or routers based on IP addresses or TCP ports, used in conjunc- tion with intrusion detection systems. The Science DMZ also needs dedicated servers called Data Transfer Nodes that are spe- cially designed and configured for science data transfer. A critical requirement for any Science DMZ is a performance monitor- ing system to quickly catch and mitigate problems that can slow the data flow. Such systems often use Performance focused Service Oriented Network monitoring Ar- chitecture, which is a set of tools that can continually check for packet loss or increases in laten- cies across the network. The concept of a Science DMZ is not that new, but the urgency of dealing with rapidly increasing levels of scientific data mean that networks distinct from overload- ed general business networks are becoming a necessity, and various organi- zations are pushing for their development. Staff at the DOE s Energy Science Net- work, which connects scientists at over 40 DOE sites, have become evangelists for Science DMZs throughout government, for example, and the National Science Foundation in 2012 issued a solicitation for proposals from universities to upgrade their network infrastructures with Science DMZs. • While many organizations use a demilitarized zone to harden their nets, scientific computing requires a DMZ that won't slow performance Science DMZ: For faster, more secure research BY BRIAN ROBINSON 32 GCN JULY 2014 • GCN.COM The question is how to provide the special conditions that scientists need to do their jobs, while at the same time making sure the data is sufficiently protected.