High-Speed Computing Concept Avoids Typical Security Approaches

High-speed communication is essential for scientific research, but conventional security approaches such as firewalls can reduce data rates. For example, Joe Breen, assistant director of networking at the University of Utah’s Center for High Performance Computing, found that security appliances cut the speed of his Internet2 backbone from its maximum of 10 Gbits per second to as low as 200 Mbps. So he and his colleagues developed an architecture called Science DMZ, which places data-intensive computing resources in a demilitarized zone outside the campus firewall, at the network edge. The prototype DMZ still has security, but it doesn’t slow packet traffic because it doesn’t use conventional hardware-based architectures. One approach they use is remotely triggered blackhole routing, which blocks malicious IP addresses without reducing network bandwidth, in part because it bypasses routers’ Border Gateway Protocol tables. Breen said he expects the Science DMZ concept to be adopted outside high-performance computing, perhaps by manufacturing and other companies that share massive 3D digital files with employees in multiple locations. (Ars Technica) (Internet2 -- PDF) (Internet2)

