National Knowledge Network Status, Services & Challenges Second NKN Annual Workshop 17 th October 2013
NKN:- Member Educational Security Agencies Institutions National Labs CDAC/CSIR/DAE/ISRO/ICAR/MoES EDUSAT National NKN Internet Exchange IIT/IIM/Universities Points (NIXI) NIT/ INTERNET Connections to Medical Colleges /Hospitals /ICMR Global Networks (e.g. GEANT/TEIN4) National / State Data Centers/ Networks
NKN:- Status of Connectivity Particulars 2013-14 07 Super Core PoPs 24 Core PoPs 1500 (Further, 400 institutes to be Total number of institutes to be allocated under NKN migrated from NMEICT) No of Institutes allocated to TSPs for 985 connectivity (till date) 823 No of Institutes commissioned under NKN 283 No of Institutes migrated from NMEICT to NKN Total no of core links allocated ( more details in 89 table below) Total no of district links allocated (more details 250 (Total 850 to be allocated) in table below)
NKN:- Status of Connectivity Member Institutes Institutes Institutes TSP (Provisioned/Comm ( Allotted ) issioned) BSNL 138 113/113 District Links (1 Gbps) RAILTEL 373 340/300 Link s Links TSP ( Allot (Provisioned/Commissioned) ted ) PGCIL 343 315/296 128 111/41 RAILTEL MTNL 63 52/52 104 52/38 PGCIL NKN 68 62/62 BSNL 18 14/13
Applications Virtual Classroom Applications
NKN: National Research Network Research Infra Synergistic Growth Scientists Across Disciplines Research Inter- Coherent disciplinary Synergy Goal
Application Grid Brain Grid Application Grids
NKN Services
The NKN Authentication Framework “The LDAP PaaS ” • Cloud based LDAP Server • Facility to replicate any other directory server situated at institute level “ The NKN Application Token Manager “ • Open authentication server for third party applications to integrate into NKN's single sign-on service delivery framework.
The NKN BitAmbulator Cloud based multitenant storage service which provides configurable amount of storage on cloud to NKN members. The platform is available on web & on android. The authentication is done through the NKN's authentication framework hence it also enables end institutes to manage their own users Contact us: support.store@nkn.in
Bandwidth Monitoring Service Bidirectional bandwidth tests between your desktop computer and the server located at NKN Point of Presence (PoP). This service also determines the bandwidth available in the NKN super core network by performing bandwidth test on NKN super core links. Servers located at NKN super core PoPs (Delhi, Hyderabad, Bangalore, Chennai, Kolkata, Mumbai and Guwahati). Contact us: support.perf@nkn.in
Open Source IP Registrar (OSIR) OSIR is a full feature solution that provides Dynamic Host Configuration Protocol (DHCP) service and delivers client management feature. Link Management Lease Auto Management Installation OSIR Failover Policy Management Management Client Management Contact us: support.osir@nkn.in
Smart Class Based on e-learning technology benefitting remotely based school and colleges to meet the demand of good teachers and quality education. At present, around 50 institutes and colleges are connected and attending expert lectures delivered from academy of administration Bhopal using smart class facility along with teachers of their local institutions. Contact us: support.mp@nkn.in
DNS Cache Servers NKN Cloud Reply Reply Request Request The server IP is 14.139.5.5 (anycast) Contact us: support.dns@nkn.in
DNS Zone Servers Reply Reply DNS Root NKN Cloud Servers Reply Zone Domain.ac.in Domain.ac.in Domain.ac.in Domain.ac.in Reply transfer to Institute DNS Internet NKN Zone transfer to NKN DNS slave server on NKN cloud Contact us: support.dns@nkn.in
MX Service Internet Email to domain.in NKN Cloud Scanned Scan Mails Mails Institute Contact us: support.mx@nkn.in
Relay Service This service is primarily used by applications in Data Centres of various Institutions that are configured for sending mails as part of the feedback /intimation process to users. Contact us: support.mx@nkn.in
SMS Gateway Service This service is useful for the users/application to send alert notification using SMS PUSH Service PULL Service Email to SMS used by application used by user to query User gets email to send alert SMS like the application and notification as SMS. notifications, gets required Notification also information etc information in reply includes the content using SMS of the email Contact us: smssupport@nkn.in
Challenges ----- ”A Few “ Core Link Bandwidth Management/ Failure Management Central Log Collection & Management Configuration Management Identification of Risks / Threats & Attacks
Core Link Bandwidth Management/ Failure Management Traffic Indications on Various Links ( Profile) Visualising how traffic moves Movement of Traffic through optimised path ( Failure Management)
Analyze Routing Behaviour
Traffic Rerouting on the fly to accommodate predicted traffic increase
Centralize Log Collection and Monitoring Logging is critical to understanding the events taking place on the network This includes fault management as well as security management Logs aid in understanding current, as well as historic security events Logs should be stored centrally on a secure, highly available server In addition to being collected, logs must be monitored for signs of unauthorized events A structured approach to log review should be implemented Log Anonymity( Data for Research )
Configuration Management A process by which configuration changes are proposed, reviewed, approved, and deployed In this context, three aspects of configuration management are critical Impact of proposed changes: the security ramifications of network changes much be understood Security of stored data: network device configurations contain sensitive data and must be stored securely Archival: helps unwind changes that may have been made maliciously or with negative security impact Work in Progress to Develop the NMS ( catering to NKNs requirements and also adhering to FCAPS)
Identification of Risks / Threats & Attacks Attacks Description Resource Denial Of Service attack: Either Direct, transit, through Exhaustion reflection. Attacks Spoofing Packets that masquerades details like source IP Attacks address to gain access which otherwise was denied. Prevents upper-layer communication between hosts or hijacks established session Transport Protocol Exploits previous authentication measures Attacks Enables eavesdropping or false data injection Routing Disrupts routing protocol peering or redirects traffic Protocol flows. ( Like a device can act as a router and Attacks participate with the other legitimate ones)
Identification of Risks / Threats & Attacks Attacks Description IP control- Attacks against DHCP, DNS, NTP & anything that plane / IP punts CPU Services Unauthorized Attempts to gain unauthorized access to restricted Access systems and networks. ( AAA) Software defect that may compromise Software confidentiality, integrity, or availability of the device Vulnerabilities and data plane traffic. (Latest Patches)
Indigenization Secure Secure Network Network Access Access System System Resilience, Survivability E E End System Security Mid Mid D D Range Range Router Router Architecture C Topology Information Creation and Network Search Management Analytics Based on Engine Dark Fiber C D D Mid Mid Range Range Network Router Router E E Management System Secure Secure Network Network Access Access System Typical ICT Infrastructure System Src: Prof SVR
Coming Up Soon • Webcasting Services ( Live & VOD) • CDN • URL Filtering Services ( Out of band) • DDOS Protection Services
Thank You Project Implementation Unit National Knowledge Network National Informatics Centre 3rd Floor, Block III, Delhi IT Park, Shastri Park, New Delhi - 110053
Recommend
More recommend