An instance of the service has been deployed in ESnet and is in preliminary production.
Interoperability has been fully established with Internet2's DRAGON infrastructure, and the
service was successfully demonstrated to a wide audience in SC07 and JT08. Development is
still ongoing, focusing on pushing the service into full production.
Network Monitoring perfSONAR:
In order to satisfy the needs of the various communities of users of network data the network
operators and engineers, the network support staff at the institutions of the end users, and the end
users both in the process of debugging the performance of a distributed application or as part of a
service that reports network problems to an application resource manager there are several
aspects of network monitoring that must be addressed.
There are three general categories of performance measurement data active measurements,
passive measurements, and network state variables (SNMP variables) that can be thought of as
data producers. From the network data user's point of view this data must be available in various
ways and must have various services associated with it both to homogenize the information from
different networks and to present the data in useful ways. Data should be provided as a data flow
or via polling.
The analysis tools, threshold alarms, and visualization tools are data consumers that, in turn, need
data that is already transformed in various ways. Therefore, between data producers and data
consumers there may be a pipeline of aggregators, correlators, filters, and buffer services that can
be regarded as data transformers and data archives.
Further, the services the data producers, consumers, transformers, and archives are all
resources that need to be discovered and almost certainly used within an authentication and
authorization framework that maintains the policy prescribed by the network operators that own
the measurement data.
perfSONAR is addressing all of these aspects and ESnet is actively deploying perfSONAR and
collaborating in its development. See 0.
Federated Trust and PKI Certificate Service:
Public key infrastructure (PKI), certification authorities (CA) and related services are the
foundation of exercising trust relationship between participants in research facilities in the US
and abroad. Several scientific communities have identified aspects of PKI and trust federation as
essential. In cooperation with these communities, ESnet has developed a PKI to support current
needs, is actively promoting interoperability and policy coordination with similar PKIs in the US
and elsewhere in the world, and is active in developing new trust mechanisms and related
services.
At the top of the ESnet PKI hierarchy is the ESnet root CA. The only purpose of the root CA is to
sign the certificates of subordinate CAs that sign user's identity certificates. (In the PKI model,
CAs has a PKI identity just as humans do.) The subordinate/signing CA certificate is used, in
turn, as the basis for signing the certificates that provide users, services (servers), and host
systems with a verifiable cyber identity. These subordinate or signing CAs are on-line all of the
time so that requests for new user certificates can be handled immediately.
29