Networking & Public Services for BESIII Wang Li on behalf of Network Group of IHEP Computing Center OUTLINE Current Status Networking Public Services Future Plan Summary 2 WIDE AREA NETWORK IHEP-EUR.: 10Gbps IHEP-USA: 10Gbps IHEP-Asia.: 2.5Gbps IHEP-Univ.: 10Gbps 3 INTERNAL NETWORK 4 DATA CENTER NETWORK Double Core switches & Firewalls • High Capability , Stability, Easy Management… • 160Gbps(4X40Gbps) • 10Gbps for Storage Services • Bypass link for scientific data traffic • Internal: Computing/Storage/AFS/DNS/Monitoring • DMZ: Public Servers/Login Nodes/… • Internet: Network Performance Measurement nodes • Data Network Better Backbone Bandwidth Clear Zone divisions Two independent networks • • High Stability & Capability Management Network • High Stability 5 OFFICE NETWORK 2x10Gbps backbone IPv4 & IPv6 Supported Monitor & Control Center Access control sys IHEP + eduroam 6 EDUROAM It is an international wireless roaming service for users who are the league members of EDUROAM. Provide researchers, teachers and students easy and secure network access when visiting other institutions. Use your own account, use the network anywhere(EDUROAM is enabled) IHEP has joined the EDUROAM community officially since March 2015. Current there are over 500 IHEP users are active to use this services, please use it, you will enjoy it! If your institute want to join EDUROAM community, we can help you ! More members, More convenience 7 NETWORK PERFORMANCE OPTIMIZATION Project: SDN@IHEP Goals Improve the data exchange performance, based on the current Network infrastructure Current Participants IHEP/SDU/SJTU Performance improvement: Effects 5~15 times • More volunteers are welcome • We will try our best to imporve the network performance between IHEP and the members,or help the members to improve the performance • [email protected] 8 NETWORK MONITORING Network Device Monitoring Network Flow Monitoring Advantage Timely Detect Network Anomalies Improve Network Stability 9 NETWORK MEASUREMENT Introduction To measure the bandwidth, latency and packet loss of internal network based on perfSONAR Advantages Prediction Network Traffic Anomalies Network Performance Analysis Data Support NETWORK SECURITY Web vulnerability scanning system Keep scanning monthly Vulnerable server will be warned by email It also open to IHEP users, you use the service to check the status of your server or PC, the system will also give you some suggestions for your devices security http://safe.ihep.ac.cn NETWORK SECURITY Weak Password Detection System Developed to check AFS/SSO user accounts. Email notification is sent to user once weak password is detected. 79 AFS and 163 SSO weak password detected PROPOSAL: HEP NETWORK SECURITY CONSORTIUM We are connected with the network ! All of us will be affected if there are security problem in the network and services ! We propose to establish a consortium on HEP network security in China Goals: Cooperation on defending computing network intrusion Sharing information/knowledge/experience/manpower on high-risk vulnerability Providing various services for members who need help You are welcome to join if you have public accessible computing infrastructure for HEP wish to cooperate with others on network issues(security, performance……) Contactor: Maillist: [email protected] Dr. YAN Tian ( [email protected] )/An Dehai ([email protected]) Qi Fazhi ([email protected]) 13 PUBLIC SERVICES 14 IHEP UNIFIED AUTHENTICATION User Account/Password management Experiments/E-Groups Supported Oauth 2.0 API Shibboleth API AN IMPORTANT STEP: APPLY FOR THE BESIII MEMBER PERMISSION 16 IHEP IT SERVICES DESK One Service Desk Two contact ways : web Portal , email Available for all users Response in time One set of common Processes (to operate, manage and measure) One Service Management Tool Users not exposed to HOW things are done, nor WHO is responsible VIDYO DEPLOYED @IHEP Introduction: personal and group video conferences. quality, reliability, and scalability. Functions : Video conference Files/Desktop sharing Create/Apply for Video Conference Room Online Integrated with Indico@IHEP Users: BESIII,JUNO,CEPC…… 18 IHEP BOX Introduction: Synchronization between user machine (desktop PC) and central repository managed by IHEP Computing Center. functions similar to DropboxTM Based on ownCloud Functions : Upload/download Users: 1,093 Windows, MAC, IOS, Android are supported Storges: 3.3TB Sharing Files (public, private, Expiration Date) Version Control LDAP / IHEP sso Files: 1,341,600 Plan: EOS will be used as the backend storage system to replace local disk array ~150TB will be added 19 IHEP PHONEBOOK Introduction http://phonebook.ihep.ac.cn telephone enquiry service Support App for Mobile Device Browser IHEP News Advantages Query efficiency Easy browsing 20 FUTURE PLAN 21 FUTURE PLAN High Performance Network MPI over InfiniBand architecture, to support for high performance and scalable MPI computing Software Defined Network (SDN) Science DMZ for optimizing science data transfers SDN technology applied to WAN connections SDN based data center network 22 FUTURE PLAN Network Security Promote cooperation of cyber security in High Energy Physics community in China Share information and experience on network security issues with organizations outside China Public Services More new services will be available Material Purchase Management System New Network Access Control System More Easily for users to use IHEP network resources (Wifi/Cabled network) 23 SUMMARY Networking and public services for BESIII is running well Network security Consortium/Federation for Chinese HEP community is proposed to share the experience/knowledge/manpower for the network issues More and more public services will released for users soon 24 THANKS 25
© Copyright 2026 Paperzz