University of Nebraska Cyberinfrastructure Plan - 2022
Introduction
The University of Nebraska (NU) recognizes the increasing demands for Cyberinfrastructure (CI) to support growth in research collaboration, computation, and storage. This Cyberinfrastructure plan outlines a set of CI initiatives within the Information Technology Services (NU-ITS) division. These initiatives support the increasing demands and align with divisional, campus, and University strategic plans. This plan is divided into four primary areas of focus:
- Core Infrastructure: foundational network and security services
- Collaboration: services which enable internal and external collaborations within the research community
- Compute & Storage: rapidly scalable and advanced computation and storage services on-premise and in the cloud
- Holland Computing Center: Nebraska’s high performance computing center
NU-ITS is responsible for operating and maintaining the cyberinfrastructure identified in this plan, apart from the Holland Computing Center, which is managed by its own staff.
Core Infrastructure
This area focuses on the foundational network and security services for the University. These services are often viewed as utilities upon which all other services are built, including access to both on- and off-campus resources. Most of these services are designed to be highly available, redundant, and protected against degradation.
Initiatives:
Unified Edge Network:
Implemented in 2021, the Unified Edge network encompasses wired and wireless access across the NU campuses. The Unified Edge leverages 802.1X-based authentication to provide a common security model across the wired and wireless networks. Wired connections support 1Gbps connectivity with the Aruba CX line of switches, on a 7-year refresh cycle. Most buildings are served by redundant 10Gbps uplinks, for a total of 20Gbps. The wireless network standard is 802.11ax/Wi-Fi 6, deployed with Aruba equipment. The wireless equipment is on a 5-year refresh cycle. In 2022, work will continue on migrating legacy services into the new security models and enhancing wireless density and coverage.
Campus Backbone Network:
The Campus Backbone encompasses a traditional core and distribution network model, supporting 10, 40, and 100Gbps connections leveraging Cisco Catalyst switches. While most buildings are connected with redundant 10Gbps uplinks, facilities with higher needs can be supported. This equipment is on a 5-year refresh cycle and was refreshed in 2021.
Data Center Network:
A refresh of the Data Center network began in 2021 and is expected to be completed in 2022. In 2021, the alternate site data center was refreshed with Cisco Nexus switches in a spine/leaf architecture leveraging VXLAN EVPN for inter-site connectivity. In 2022, the primary site data centers will be refreshed to match. This includes 10, 25, and 100Gbps capabilities for host connectivity.
NU Wide Area Network:
The NU Wide Area Network (NU-WAN) includes layer 1, 2, and 3 connectivity between the NU campuses, regional partners, and the Internet. This network is built upon owned and leased fiber, lit Ethernet circuits, and an Ekinops DWDM platform. Juniper MX routers are used to create an MPLS-based network. All primary links between the NU campuses and Data Centers are 100Gbps. Services that require more direct access to high-speed services, such as the Holland Computing Center’s access to Internet2, leverage the ScienceDMZ, which bypasses the campus networks and connects directly into the NU-WAN to reduce “friction”. NU agrees with the principles of the Mutually Agreed Norms for Routing Security (MANRS) and has implemented most of the recommended actions within the NU-WAN. This equipment typically has a longer life, a 10-year refresh cycle, if upgrades are completed periodically. The platforms were last upgraded in 2020.
Cybersecurity:
NU has standardized on Palo Alto for firewalls and VPN connectivity. Firewalls are currently deployed in front of each campus and data center where they connect into the NU-WAN. Additional virtual Palo Alto firewalls are being deployed in the cloud to protect services hosted in Amazon Web Services and Microsoft Azure. Palo Alto’s Prisma Access provides VPN services with an intent to align security posture with the Unified Edge network in 2022. Palo Alto Cortex XDR provides protection at the endpoint, as well as a user-based network access control structure built upon Aruba wired and wireless edge network equipment, including micro-segmentation. Splunk is leveraged for log management and notification. NU is a founding member of OmniSOC and a member of REN-ISAC. Privacy as it relates to cyberinfrastructure is defined in Executive Memorandum 16, Policy for Responsible Use of University Computers and Information Systems. Data security is governed by Executive Memorandum 41, Policy on Research and Data Security, and ID-01 Institutional Data Use Policy. These documents, and additional information on vulnerability scanning, patch management, and change control, can be found at https://nebraska.edu/offices-policies/policies.
IPv6:
IPv6 is currently deployed and in use at the Holland Computing Center. For the rest of NU, a system-wide implementation remains on the roadmap at this time. Deployment planning is expected to begin in 2022 with implementation in the 2023-24 timeframe. All existing equipment is capable of supporting IPv6 today and it can be deployed to buildings and facilities upon request.
Collaboration
NU has observed a continuous increase in the number of external collaborations with other universities, community partners, and industry partners. This growth requires continuous monitoring and enhancement of collaboration-enabling services as a part of the CI plan.
Initiatives:
Internet2:
Internet2 operates the nation’s largest and fastest coast-to-coast research and education network, which serves 319 U.S. universities, 60 government agencies, 43 regional and state education networks, and through them supports more than 100,000 community anchor institutions, close to 1,000 InCommon participants, 64 leading corporations, and 70 national research and education network partners that represent more than 100 countries. NU has been a member of Internet2 since its inception and actively consumes many service offerings as well as serving on their advisory boards. NU is registered with InCommon as supporting the Research & Scholarship Entity Category and meets the InCommon Baseline Expectations for Trust in Federation. NU leverages Shibboleth for single sign-on, has broadly adopted eduroam across the NU campuses, and is actively pursuing the expansion of eduroam within Network Nebraska as an early participant of the eduroam Support Organization program.
Regional Connectors & Collaborations:
NU is a member of several regional networks, including the Great Plains Network (GPN) that serves as the primary connection to Internet2, the Northern Tier Network Consortium (NTNC) that serves as the secondary connection to Internet2, and the Big Ten Academic Alliance (BTAA). These partnerships provide diverse connectivity to the research community, as well as fostering research collaborations such as GP-ARGO, training opportunities, and Primary Investigator forums.
Network Nebraska:
Network Nebraska is a collaborative statewide networking effort under the auspices of the Nebraska Information Technology Commission (NITC) to share telecommunications resources, network services, and applications among eligible participants. With over 292 members, Network Nebraska connects most of the K-20 educational institutions within the state, providing them with access to commodity internet, DDoS protection, Internet2’s Community Anchor Program (CAP), eduroam, security services, and Zoom web conferencing.
RSpace:
ResearchSpace (RSpace) is a next generation eLab notebook available to NU researchers. RSpace enables researchers to effectively capture, manage, and share research data across an integrated platform with other research services, data storage platforms, and domain-specific tools.
ScienceDMZ:
The Holland Computing Center is the only consumer of the ScienceDMZ with their connection directly into the NU-WAN. This minimizes the number of hops required to traverse the NU networks between them and Internet2, as well as reducing potential flow restrictions and creating less “friction”.
Compute & Storage
NU currently operates three on-premise data centers: two in Lincoln, located in academic buildings, and one in Bellevue at a colocation facility. Local Campus Resources (LCRs) are operated on each campus with a network headend room to host local services required for campus survivability. Public cloud agreements are in place with Amazon Web Services and Microsoft Azure. A “cloud-first” strategy is being developed and significant growth is expected to occur in the public cloud space.
Initiatives:
On-premise Compute & Storage:
NU offers on-premise hosting of equipment within NU data centers, VMware-based virtual machines, and related services such as storage and backup offerings. High-speed video editing storage is available on a DellEMC Isilon platform and an archival tier of storage is being added on a Qumulo platform.
Cloud Storage:
NU offers Microsoft 365, including OneDrive, Teams, and SharePoint, as a part of the storage services portfolio. The Microsoft 365 storage platform provides a robust, secure environment for file storage and collaboration.
Amazon Web Services:
NU leverages Amazon Web Services (AWS) as a primary cloud data center, used for compute, storage, and advanced services. AWS is the world’s most comprehensive and broadly adopted cloud platform, offering over 200 fully featured services from data centers globally. AWS has significantly more services, and more features within those services, than any other cloud provider, from infrastructure technologies like compute, storage, and databases to emerging technologies such as machine learning and artificial intelligence, data lakes and analytics, and Internet of Things. This makes it faster, easier, and more cost effective to move existing applications to the cloud and build nearly anything you can imagine.
Microsoft Azure:
NU leverages Microsoft Azure as a primary cloud data center, used for compute, storage, and advanced services, including a GovCloud tenant for GCC High/CMMC Level 3 research. Azure is a cloud platform with more than 200 products and cloud services designed to help bring new solutions to life, to solve today’s challenges and create the future. Build, run, and manage applications across multiple clouds, on-premises, and at the edge, with the tools and frameworks of your choice. Azure includes 90+ compliance offerings, the largest portfolio in the industry.
Holland Computing Center
The Holland Computing Center (HCC) boasts the fastest resources in the state of Nebraska at two locations: the Peter Kiewit Institute (PKI) at University of Nebraska-Omaha and the Schorr Center at University of Nebraska-Lincoln. Personnel based in each location assist users, engage students and researchers, and maintain systems. Crane checks in at 121 TeraFLOPS and was a Top500 Supercomputer when put into service. Red, serving the CMS project, stores over 14 petabytes of data. Crane and Rhino are HCC’s high-performance clusters for general usage and Anvil is HCC’s cloud platform.
Initiatives:
Training & Outreach:
Develop, enhance, and conduct training and outreach activities, including software carpentries, to support the computational research needs of NU researchers.
On-Campus Infrastructure:
Operation of NU’s on-campus computational infrastructure, including high-speed networking, data transfer and storage, and GPU & compute resources funded through local grants such as the Nebraska Research Initiative (NRI).
Off-Campus Infrastructure:
Research and innovative infrastructure in collaboration with national and international cyberinfrastructure programs, including the Open Science Grid (OSG), Large Hadron Collider (LHC), XSEDE, the National Research Platform, and the Pacific Research Platform.