American Museum of Natural History Cyberinfrastructure Plan - 2022
Cyberinfrastructure Plan: The American Museum of Natural History
Introduction
The American Museum of Natural History (AMNH) is uniquely positioned at the nexus of research, education, and public outreach. Our mission to “discover, interpret, and disseminate, through scientific research and education, knowledge about human cultures, the natural world, and the universe” defines our collective focus as an institution. For 150 years, AMNH has been a recognized leader in innovative scientific research and science education for students, teachers, families, and the general public the world over. Since the opening of the AMNH Richard Gilder Graduate School (RGGS) in 2006 (accredited by the Board of Regents of the State of New York), which confers Ph.D.s in Comparative Biology and Masters of Arts in Teaching degrees in Earth Science, AMNH has been preparing the next generation of scientific leaders and teachers.
In recent years, AMNH has made a series of strategic technology infrastructure investments to provide additional capabilities. These include the expansion of wireless services leveraging 802.11ax (Wifi6) wireless service across the campus. Cybersecurity enhancements including web application firewall (WAF) capabilities, next generation host and network-based intrusion detection/prevention services, expanded network and cybersecurity monitoring capabilities, and expanded log correlation and analysis capabilities have been implemented to protect the Museum infrastructure. Expanded monitoring services ensure network performance is optimized. Finally, datacenter facilities upgrades have been made to support additional cooling capacity for AMNH HPC and research initiatives as well as to provide redundant cooling capability in the event of a failure of the primary HVAC system. Most notably, AMNH secured funding through NSF award #1827153 to deploy a Science DMZ at AMNH to facilitate large-scale, high-speed data transfers between remote collaborators and sites, and NSF award #1925590, which expanded the AMNH high-performance computing (HPC) services with the addition of “MENDEL” and associated services such as access to the Open Science Grid.
In addition, AMNH is developing projects to further expand our technology capabilities, including a network core upgrade planned for fall 2022 to provide 10/25/40/100Gbps backbone connectivity as well as data center switching upgrades to provide speeds of up to 100Gbps to local servers. Additionally, AMNH will further expand the wireless services through the addition of 300 additional wireless access points into the Museum’s forthcoming Gilder Center for Science, Education, and Innovation opening in 2023. AMNH is also adopting a “ZeroTrust” methodology for cybersecurity, aimed at protecting AMNH from the growing threats presented by malicious actors.
Cognizant that technology continues to play a key part in scientific research, education, and public outreach, the Information Technology Department at AMNH (AMNH IT) has developed a series of strategic plans focused on modernizing and facilitating the use of technology to further our institutional research mission. These efforts are focused on the following key areas:
1. Outreach to Constituents
The development of an effective and responsive campus infrastructure designed to support the needs of our researchers, educators, staff, and the public requires AMNH IT to actively engage and become partners with our constituents. By becoming intimately aware of their needs and by serving as active participants in their success, AMNH IT is able to deliver impactful and highly effective technology solutions. To this end, AMNH IT actively seeks out opportunities to provide expert assistance in the areas of technology and data management to our research and education community, which allows us to better understand needs across the institution and plan accordingly. AMNH IT regularly engages with AMNH science and research teams through internal meetings and working groups and has purposely enhanced its own outreach efforts in order to develop these important collaborative relationships. These collaborations have proven successful in providing the guiding principles for the deployment of both the AMNH Science DMZ and HPC expansions. Training for researchers on the use of these tools has aided in general awareness of their availability and the adoption of these services. AMNH seeks to continue these important outreach efforts in the development of other research computing services.
2. Expansion of Development of High Speed Networking
Scientific research at AMNH is no longer confined to the Museum campus. Our research is national and global in nature, and it is critical that our cyberinfrastructure also reaches beyond our walls. Therefore, through NSF CC* Award #1827153, AMNH completed the deployment of a Science DMZ, connecting AMNH scientific computing resources to the Internet2 and other research and education (R&E) networks via NYSERNet. This connection is currently provisioned at 10Gbps, but is being designed to grow as demand and new applications require. The AMNH Science DMZ ties together all research computing HPC systems, Data Transfer Nodes (DTNs), OSG Access Points, and associated services.
AMNH IT is continuing the implementation of IPv6 throughout the Museum’s technology infrastructure. The Museum’s IPv6 allocation from ARIN will continue to be deployed in a phased project. At the current time, all core network infrastructure (border routers, core network switches, firewalls, DNS servers, etc.) as well as all Science DMZ services are IPv6 capable. Test deployments using dual-stack IPv4/IPv6 configurations on departmental research systems are underway to ensure a seamless transition from IPv4 to IPv6. Once IPv6 has been firmly established on research-associated systems and networks, it will be extended throughout the campus starting in 2024.
AMNH is continuing to expand on-campus networking capabilities to provide the fastest possible access. In fall of 2022, AMNH IT will complete an upgrade of the network core and data center switching and routing infrastructure, enabling core infrastructure speeds of up to 100Gbps. Access switching is being expanded to provide endpoint connectivity at speeds up to 10Gbps. Planning has begun for the deployment of high-speed/high-density WiFi6 services across the campus. These projects will ensure that network connectivity is not a constraint to the Museum’s scientific and educational mission.
In order to ensure that network performance is maintained throughout the campus and that the efficacy of upgrades and enhancements can be measured, AMNH has integrated a PerfSONAR infrastructure into both the AMNH Science DMZ and the campus network to provide end-to-end performance monitoring. This capability will continue to be expanded to ensure AMNH maintains the most complete view of overall network performance.
3. Cybersecurity and Privacy
A key component supporting high-speed computing throughout the infrastructure is data security. Our aim is to provide sustainable data security that accounts for the varied risks and sensitivities of a given system or data while minimizing the impacts to those data flows as much as possible. AMNH has implemented traditional cybersecurity controls such as physical and logical segmentation, firewalls, intrusion detection and prevention, multi-factor authentication, password policies aligned with NIST guidelines, and event monitoring and correlation. In the case of the AMNH Science DMZ, we designed it using the best practices outlined by ESnet. Specifically, router ACLs are used to limit access, and log and NetFlow aggregation and correlation, utilization monitoring, host port control, and host and network intrusion detection will be used to provide the necessary security on Science DMZ connected systems without a firewall impeding data flows. The Science DMZ security design was developed in collaboration with TrustedCI in 2019.
AMNH is aligning its cybersecurity controls with the NIST Cybersecurity Framework and deploying additional security controls using generally accepted ZeroTrust principles. The goal of these efforts is to provide an adaptive security framework that can rapidly respond to emerging threats.
4. Expansion of High-Performance Computing (HPC) Capabilities for Researchers
HPC is often regarded as a key enabler of scientific advances in the modern age, and AMNH will be expanding upon our existing HPC efforts. AMNH IT has taken an active role as a partner with our research community in the development and deployment of the most recent HPC clusters at the Museum. In addition to working on the technical aspects of the Museum’s clusters, AMNH has formed an HPC working group made up of senior members of the IT and science research teams, as well as the AMNH CIO and AMNH Provost. Currently, AMNH maintains several HPC clusters providing a total of nearly 4,000 traditional compute cores, 14,848 GPU cores, and over 400TB of memory for use by AMNH scientists, students, and collaborators. AMNH has also partnered with the Open Science Grid (OSG) to both provide and make available additional computational resources to the research community at AMNH and now has the capability to leverage cloud-based compute resources at Amazon, allowing researchers to be able to leverage the power of the cloud for especially complex problems. AMNH is also deploying a local FIONA8 multi-GPU server as part of the National Research Platform in summer of 2022 to expand computational services. AMNH is planning further expansions of its HPC services such as expanded GPU access to meet the growing demand for these resources.
5. Large Scale Storage Capacity for Scientific and Archival Data
Data storage, archiving, data mining, and dissemination of the collected data are significant challenges faced by AMNH, as well as other education and research facilities around the world. While AMNH maintains a central SAN of over 350TB on the campus, shared across various departments and disciplines, a great deal more data is being stored by individual researchers within their own labs. Decentralized storage makes it extremely difficult for data to be effectively cataloged and shared within AMNH and with research and science institutional partners. Additionally, we expect the need for data storage to continue to grow into petabytes of data within the next 5-7 years. AMNH’s ever-growing collection of scientific and observational data requires a system for cataloging, preservation, and dissemination for use both internally and with the national and global research and scientific community. To address this issue, AMNH is seeking to increase the amount of centralized storage available for our research community, both through the acquisition of additional storage capabilities as well as the migration of appropriate storage loads to the cloud. Additionally, AMNH seeks to fully leverage FAIR principles of data management across all storage services.
6. Identity and Access Management
In mid-2016, AMNH joined InCommon. Through InCommon, AMNH now provides secure two-factor authentication using DUO Mobile for all users. In the summer of 2016, AMNH deployed certificate services via the InCommon partnership, and in 2019 began leveraging InCommon Federation and Assurance to provide seamless single sign-on (SSO) capabilities for our researchers traveling to other institutions and for outside collaborators hosted at the Museum. AMNH is also planning to provide access to Eduroam, a secure, world-wide roaming access service developed for the international research and education community. Eduroam allows students, researchers, and staff from participating institutions to obtain Internet connectivity across campus and when visiting other participating institutions by simply opening their laptop. This deployment is planned for summer/fall 2022.
7. Educational Outreach and Workforce Development
AMNH is committed to developing the next generation of scientists and STEM educators through its suite of innovative educational programs, including its graduate degree-conferring programs and a growing portfolio of programs that is focused on the intersection of computer science and science education for middle and high school students. Because of the growing need for computational resources in modern research, the ability to provide these resources to both our students and adult learners will become a focal point for the institution. By gaining an understanding of the proper and effective use of computational technology in a research setting and how to access the large and dispersed scientific datasets necessary for their research, students will become the empowered and effective researchers of the future.
8. Involvement in Regional and National Cyberinfrastructure Programs
As a world-class research and educational institution, it is critical for AMNH to stay on top of emerging trends in research computing and the cyberinfrastructure supporting these endeavors. AMNH IT staff will continue to take part in regional research and education network meetings and working groups facilitated by NYSERNet and to expand our involvement at the national and international level with the Internet2, InCommon, OSG, Educause, Globus, and other programs and consortia focused on developing a sustainable network infrastructure supporting science. To this end, AMNH has presented at several conferences including the OSG All-Hands Meetings, the PEARC conference in 2021, the 2022 Globus conference, and recent NYSERNet webinars focused on developing CC* proposals. Members of the AMNH scientific computing team are active members of the ongoing CARCC Meetings. In fall of 2022, AMNH is planning on hosting a joint EPOC/Globus/NYSERNet training conference in New York City. AMNH views its involvement in these conferences as important parts of both its
9. Sustainability
AMNH realizes that the long-term success of any technology initiative lies in the ability to integrate those technologies into the Museum culture and existing infrastructure. Technology advancements should be complementary rather than conflicting. To that end, AMNH IT strives to implement best of breed technologies in a manner that allows those systems to be supported with minimal disruption to the existing operations, utilizing existing management systems, techniques, and staff where available. AMNH IT also seeks a consensus from the Museum community before undertaking any major technology initiative to ensure that users and administrators alike understand its impacts, ongoing costs, and management requirements. Additionally, AMNH IT is fully engaged with the Museum’s forthcoming expansion of the campus through the addition of the Richard Gilder Center for Science, Education, and Innovation (opening in 2023), which will house significant portions of AMNH collections, research, and education departments, and the Museum Library. All designs undertaken as part of any infrastructure upgrade ensure that they can be extended into the new facility upon completion. This ensures that projects are sustainable at all levels of the Museum and investments can be leveraged for years to come.