The Pennsylvania Science DMZ (PA Science DMZ) service provides a means for researchers to collaborate with their peers. The PA Science DMZ service is analogous to a private network exchange, but is available exclusively to KeystoneREN connected institutions. Built as a performance based security enclave network, the network segment is ideal for giving a preferred path for lowest latency and best performance that would otherwise transit the public Internet. The PA Science DMZ can be a lower-cost and flexible alternative to circuit, private-line technology, or VPNs that customers may be using today for best effort connectivity between disparate locations and peers.
This design maximizes the potential uses for the PA Science DMZ and gives researchers the flexibility to implement their specific network requirements and policies. This service can be delivered as an 802.1Q tagged Layer 2 Ethernet hand off with a common Ethernet Broadcast Domain within the PA Science DMZ. Additionally, this service can also be delivered as a Layer 3 Ethernet routed interface or managed router services within the PA Science DMZ.
Potential Use Cases
Additional network path and path redundancy:
The PA Science DMZ can act as a secondary path when a primary path exists between customer sites and peers. The PA Science DMZ can provide customers alternatives to increase resiliency in their wide area networks.
LAN extensions across different physical facilities:
The ability to extend a LAN across physical sites transparently introduces a number of new opportunities that can reduce network infrastructure costs or enable emerging technology.
Layer 3 network peering between members:
Customers can use the PA Science DMZ to off-load traffic between researchers on KeystoneREN or other Research and Education networks that may otherwise transit the public Internet by establishing BGP peering. Off-loading traffic from an existing commodity service provider can reduce operational costs and enhance network security.
Benefits
Any-to-Any connectivity – Any customer can send traffic to any other customer within the PA Science DMZ with minimal configuration in the customer’s network.
Cost effective – Easy to use and cost effective Ethernet technologies makes the PA Science DMZ very accessible without additional infrastructure investment
Flexible – Simplicity of Ethernet hand off maximizes use cases and implementation options.
Simplified bandwidth scaling – Incremental connectivity options allow bandwidth to be upgraded without additional network infrastructure or long provisioning times.
Requirements for Service/Technical Specifications
KeystoneREN members and affiliates subscribing to KeystoneREN Connection Services are eligible to use the KeystoneREN PA Science DMZ. A KeystoneREN Connection Service is required to participate in the KeystoneREN PA Science DMZ. perfSONAR servers will be used to validate loss, latency, and jitter as well as schedule throughput tests. Interface counters will be streamed six times every minute as well as network packet samples via sFlow for transparency and visibility of the researchers science workflow and collaborations.
Contact [email protected] for more information or call 717-725-9442 to speak with a KeystoneREN network sales support specialist.
Presentations
PA Science DMZ Overview, October 24, 2024, CyberAccelerate Workshop
PA Science DMZ Overview, Overviews of New CC* Regional Networking Awards, Ken Miller, September 18, 2024, The Quilt Fall Member Meeting.
Connecting the Keystone State: CC* PA-DMZ Update, Wayne Figurelle, June 11, 2024, Research Computing at Smaller Institutions.
Panel Session on the PA Science DMZ, Wayne Figurelle, Grant Dull, Ben Miller, Jason Simms, Frederick Adkins, April 17, 2024, KINBERcon.
Acknowledgement:
The Pennsylvania Science DMZ is joint collaboration of KeystoneREN and Penn State University is funded in part by NSF Award #2346589. The Pennsylvania Science DMZ (PA Science DMZ) project addresses critical infrastructure and connectivity gaps in five participating institutions: Pennsylvania State University, Indiana University of Pennsylvania (IUP), Lafayette College, The Digital Foundry at New Kensington (DFNK), and Swarthmore College.