Science DMZ

A Scalable Network Design Model for Optimizing Science Data Transfers

The Science DMZ is a portion of the network, built at or near the campus or laboratory's local network perimeter that is designed such that the equipment, configuration, and security policies are optimized for high-performance scientific applications rather than for general-purpose business systems or “enterprise” computing.

Developed by ESnet engineers, the Science DMZ model addresses common network performance problems encountered at research institutions by creating an environment that is tailored to the needs of high performance science applications, including high-volume bulk data transfer, remote experiment control, and data visualization. 

The Science DMZis scalable, incrementally deployable, and easily adaptable to incorporate emerging technologies such as 100 Gigabit Ethernet services, virtual circuits, and software-defined networking capabilities.

A Science DMZ integrates four key concepts into a unified whole that together serve as a foundation for this model.  These include:

  • A network architecture explicitly designed for high-performance applications, where the science network is distinct from the general-purpose network
  • The use of dedicated systems for data transfer
  • Performance measurement and network testing systems that are regularly used to characterize the network and are available for troubleshooting
  • Security policies and enforcement mechanisms that are tailored for high performance science environments

Integrating Science DMZ into the Local Site

Taken together with operational best practice, the components of the Science DMZ form a scalable, extensible model for the support of science applications at many research institutions. 

The Science DMZ Model has been successful in many different science environments, from supercomputer centers like NERSC to facilities involved in the Large Hadron Collider collaboration. In addition, the Science DMZ Model has been adopted by laboratories and universities.  Through collaboration with Internet2, the Science DMZ is playing a role in its new Innovation Platform architecture aimed at helping its university members take advantage of advanced network capabilities to help accelerate discovery on campuses.

The Science DMZ Model addresses several key issues in data intensive science, including:

  • Reducing or eliminating the packet loss that causes poor TCP performance
  • Implementing appropriate security architectures and controls so that high-performance applications are not hampered by unnecessary constraints
  • Providing an on-ramp for local science resources to access wide area science services including virtual circuits, software defined networking environments, and 100 Gigabit infrastructures.
  • Incorporating network testing, network measurement, and performance analysis through the deployment of perfSONAR