Page1    Page28                                                                        Page30  Page177

An instance of the service has been deployed in ESnet and is in preliminary production.

Interoperability has been fully established with Internet2's DRAGON infrastructure, and the

service was successfully demonstrated to a wide audience in SC07 and JT08. Development is

still ongoing, focusing on pushing the service into full production.

Network Monitoring ­ perfSONAR:

In order to satisfy the needs of the various communities of users of network data ­ the network

operators and engineers, the network support staff at the institutions of the end users, and the end

users both in the process of debugging the performance of a distributed application or as part of a

service that reports network problems to an application resource manager ­ there are several

aspects of network monitoring that must be addressed.

There are three general categories of performance measurement data ­ active measurements,

passive measurements, and network state variables (SNMP variables) ­ that can be thought of as

data producers. From the network data user's point of view this data must be available in various

ways and must have various services associated with it both to homogenize the information from

different networks and to present the data in useful ways. Data should be provided as a data flow

or via polling.

The analysis tools, threshold alarms, and visualization tools are data consumers that, in turn, need

data that is already transformed in various ways. Therefore, between data producers and data

consumers there may be a pipeline of aggregators, correlators, filters, and buffer services that can

be regarded as data transformers and data archives.

Further, the services ­ the data producers, consumers, transformers, and archives ­ are all

resources that need to be discovered and almost certainly used within an authentication and

authorization framework that maintains the policy prescribed by the network operators that own

the measurement data.

perfSONAR is addressing all of these aspects and ESnet is actively deploying perfSONAR and

collaborating in its development. See 0.

Federated Trust and PKI Certificate Service:

Public key infrastructure (PKI), certification authorities (CA) and related services are the

foundation of exercising trust relationship between participants in research facilities in the US

and abroad. Several scientific communities have identified aspects of PKI and trust federation as

essential. In cooperation with these communities, ESnet has developed a PKI to support current

needs, is actively promoting interoperability and policy coordination with similar PKIs in the US

and elsewhere in the world, and is active in developing new trust mechanisms and related

services.

At the top of the ESnet PKI hierarchy is the ESnet root CA. The only purpose of the root CA is to

sign the certificates of subordinate CAs that sign user's identity certificates. (In the PKI model,

CAs has a PKI identity just as humans do.) The subordinate/signing CA certificate is used, in

turn, as the basis for signing the certificates that provide users, services (servers), and host

systems with a verifiable cyber identity. These subordinate or signing CAs are on-line all of the

time so that requests for new user certificates can be handled immediately.

29