Science DMZ
A Scalable Network Design Pattern for Optimizing Science Data Transfers
The Science DMZ is a portion of the network, built at or near the campus or laboratory's local network perimeter, that is designed so that the equipment, configuration, and security policies are optimized for high-performance scientific applications rather than for general-purpose business systems or “enterprise” computing.
Developed by ESnet engineers, the Science DMZ model addresses common network performance problems encountered at research institutions by creating an environment that is tailored to the needs of high-performance science applications, including high-volume bulk data transfer, remote experiment control, and data visualization.
The Science DMZ is scalable, incrementally deployable, and easily adaptable to incorporate high-performance and advanced technologies such as 100 Gigabit Ethernet services, virtual circuits, and software-defined networking capabilities.
Key Components
A Science DMZ integrates four key concepts into a unified whole; together they serve as the foundation for this model. They are:
- A network architecture explicitly designed for high-performance applications, where the science network is distinct from the general-purpose network
- The use of dedicated systems for data transfer
- Performance measurement and network testing systems that are regularly used to characterize the network and are available for troubleshooting
- Security policies and enforcement mechanisms that are tailored for high-performance science environments