The Nightmare of Securing a Multi-Purpose Computer Centre (20m)
The CERN main computer centre has a multitude of purposes: serving CERN's user community and its "office" needs, helping the administrative sector with HR & finance applications, providing compute & storage for physics analyses locally and worldwide through the WLCG, and running IT services for the operation of physics experiments and accelerators. The overlap in IT provisioning between these competing use cases is enormous, making computer security a tremendous challenge. Worse, even where service separation is possible, the vertical stack of hardware/IPMI, virtualisation, containerisation, and the applications on top undoes such a separation, as does the need for central configuration management and central service provisioning... This presentation shall outline these problems from a computer security perspective, hoping for better solutions in the future.
The RARE routing platform and its use in data-centres (20m)
The RARE (Router for Academia, Research & Education) project (https://wiki.geant.org/display/RARE/) has been successful in the first two years of the GÉANT GN4-3 project in creating a new, performant and feature-rich open routing platform. It combines the FreeRouter control plane and a P4/DPDK data plane. Running on a 32 x 100G Wedge with the Tofino forwarding chipset, it can deliver Terabits/s of networking at line rate.
The coupling of RARE + FreeRouter gave birth to ROS (the RARE Operating System), which provides an impressive list of features (see the complete feature list at https://wiki.geant.org/display/RARE/) that support various data centre architectures. ROS also provides all the management requirements (TACACS, configuration management, monitoring with Prometheus), allowing ROS to be production ready. The current hardware on which ROS runs was designed for data centres and used in Facebook data centres.