Science DMZ

The Case Western Reserve University (CWRU) Science DMZ is a portion of the network, built at or near the campus or laboratory's local network perimeter, that is designed so that the equipment, configuration, and security policies are optimized for high-performance scientific applications rather than for general-purpose business systems or "enterprise" computing. [1]

A Science DMZ integrates four key concepts:

  • A network architecture explicitly designed for high-performance applications, dedicated to scientific research and development (rather than production IT services supporting routine operational activities)
  • The use of dedicated systems for data transfer in support of scientific research, without (or with minimal) hindrance from firewalls within the Science DMZ
  • The capability to do performance measurement and network testing to characterize the network as part of the research and development process
  • Security policies and enforcement mechanisms that are tailored for advanced and high-performance science environments [1]

The Science DMZ network design idea was introduced by the Energy Sciences Network (ESnet). Taken together with operational best practice, the components of the Science DMZ form a scalable, extensible model for the support of science applications at many research institutions. [1]

The CWRU Science DMZ implementation has been operational since Summer 2014 and has been funded through the National Science Foundation CC-NIE Award 1340938 (Bielefeld, PI). Additionally, the award permitted CWRU to increase the bandwidth of four research buildings from 1 Gbps to 10 Gbps and to implement a 100 Gbps network link to external research networks. The CWRU Science DMZ is operated by Case Western Reserve's Division of University Technology, [U]Tech.

The CWRU Science DMZ includes dedicated network hardware for data transfer both within CWRU and to external networks. The security policies for the CWRU Science DMZ ensure maximum performance and base security. More finely tuned firewalling is done on a case-by-case basis on the networks and on individual research hosts. Network performance and security monitoring allows CWRU UTech administrators to respond to and filter security threats as needed.

Figure 1 below shows the CWRU Science DMZ network topology. The core of the network is housed within the University's Kelvin Smith Library data center and provides 100 Gbps connectivity capacity to Internet2 and OARnet research networks. The High Performance Computing Cluster network was connected in Fall 2014 with 40 Gbps connectivity capacity. The HPCC network integration allows the HPCC high performance shared file storage to be integrated into the Science DMZ and allows future instrument integrations directly to the HPCC. Arista and Juniper networking equipment was selected for the CWRU implementation.



Figure 1: CWRU Science DMZ Deployment

