Conditional Entropy - School of Science and Technology - University ...


Virtual Infrastructure

C27_B259, MSCS building, UNE, Armidale, NSW, Australia
on Friday, 25th May 2007 from 12 to 1pm.

by Dr. Charles R. Watson
School of Maths, Stats and Computer Science
University of New England, Armidale NSW 2351

URL: http://mcs.une.edu.au/~cwatson7/I/VirtualInfrastructure.ppt




25th May 2007

Virtual Infrastructure

Overview


Digital Communications Technology


Voice over IP


Integrity and Availability


Security


Discussion: cost-neutral improvement of
our virtual infrastructure


Transmission Media


Wireless LAN Architecture


Ethernet: CSMA/CD

Carrier Sense Multiple Access with Collision Detection


Protocol Analyzers

Traffic displayed by protocol type


Wide Area Network


Gateways


Client/Server Communication


Satellite Internet Access


Satellite Internet Access (continued)

Dial return satellite Internet service


WAN Technologies Compared


WAN Technologies Compared (continued)


Voice-over-IP


Cisco AS5300 is the core AARNet Gateway.


Voice card for Cisco 3660


Skype is a peer-to-peer Internet telephony network
founded by Niklas Zennström.


It competes against existing open VoIP protocols
such as SIP, IAX, and H.323.


Rapid growth in free and paid services.


Features include


free voice and video conferencing,


its ability to use peer to peer (decentralized) technology to
overcome common firewall and NAT (Network address
translation) problems


VoIP (continued)

Accessing a VoIP network from traditional telephones


VoIP (continued)

Accessing a VoIP network from IP phones


Internet Group Management Protocol


Network layer protocol that manages
multicasting, allowing one node to send data
to a defined group of nodes


Routers use IGMP to determine which nodes
belong to multicast group and to transmit data
to all nodes in that group


IGMP can be used for online video and
gaming, and allows more efficient use of
resources


UDP - User (Unreliable) Datagram Protocol is
faster and more efficient than TCP for
lightweight or time-sensitive purposes, e.g.
IPTV, audio-visual streaming media



Real world example

http://en.wikipedia.org/wiki/Streaming_media



One hour of video encoded at 300 kbit/s (this is a typical broadband
video for 2005 and it's usually encoded in a 320×240 pixels window
size) will be:


(3,600 s ∙ 300 kbit/s) / 8,388.608 = 128.7 MiB of storage


If the file is stored on a server for on-demand streaming and this
stream is viewed by 1,000 people using a Unicast protocol, you
would need


300 kbit/s ∙ 1,000 = 300,000 kbit/s = 300 Mbit/s of bandwidth


This is equivalent to 125.73 GiB per hour. Of course, using a
Multicast protocol the server sends out only a single stream that is
common to all users. Hence, such a stream would only use 300
kbit/s of bandwidth.


Integrity and Availability


Integrity refers to the soundness of network files, systems, and
connections


Fault tolerance is a system’s capacity to continue performing despite
unexpected hardware or software malfunction


A UPS is a battery power source that prevents undesired features of
the power source from harming the device or interrupting its services


Backup rotation provides excellent data reliability without overtaxing
the network or requiring much intervention


Disaster recovery is the process of restoring critical functionality and
data after an enterprise-wide outage


Critical servers often contain redundant NICs, processors, and/or
hard disks to provide better fault tolerance


Server mirroring involves utilizing a second, identical server to
duplicate the transactions and data storage of one server


Clustering links multiple servers together to act as a single server



Redundant Array of Independent
(or Inexpensive) Disks

RAID Level 5

disk striping with distributed parity


Fully redundant T1 connectivity

Redundancy provides load balancing and
fault tolerance.


Security


Choosing secure passwords is one of the easiest and
least expensive ways to guard against unauthorized
access.


A security policy identifies an organization’s security
goals, risks, levels of authority, designated security
coordinator and team members, responsibilities for each
team member and each employee, and strategies for
addressing security breaches.


A firewall is a specialized device that selectively filters or
blocks traffic between networks.


A proxy service is a software application on a network
host that acts as an intermediary between the external
and internal networks, screening all incoming and
outgoing traffic.




Physical Security

Badge access security system


Authentication

A RADIUS server providing centralized authentication


Domains = Organizational Units


Trust Relationships


Trust Relationships (continued)

Explicit one-way trust between domains in different trees


Public Key Encryption


Proxy Servers

A proxy server used on a WAN


Network Address Translation


Deep packet inspection

http://en.wikipedia.org/wiki/Deep_packet_inspection



Deep packet inspection (DPI) is a form of computer network packet filtering that
examines the data part of a through-passing packet, searching for non-protocol
compliance or predefined criteria to decide if the packet can pass. This is in contrast
to shallow packet inspection (usually called just packet inspection) which just checks
the header portion of a packet.


DPI devices have the ability to look at Layer 2 through Layer 7 of the OSI model. This
includes headers and data protocol structures. The DPI will identify and classify the
traffic based on a signature database.


A classified packet can be redirected, marked/tagged (see QoS), blocked, rate
limited, and of course, reported to a reporting agent in the network.


Many DPI devices identify flows rather than performing a packet-by-packet analysis.


DPI allows phone and cable companies to "readily know the packets of information
you are receiving online -- from e-mail, to websites, to sharing of music, video and
software downloads" [1].


DPI is also increasingly being used in security devices to analyze flows, compare
them against policy, and then treat the traffic appropriately (i.e., block, allow, rate
limit, tag for priority, mirror to another device for more analysis or reporting).
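
The contrast drawn on this slide between header-only (shallow) inspection and payload (deep) inspection, with per-flow classification and policy actions, shown as an added Python example that is not part of the original presentation. The packets, signature patterns, port map and policy below are all constructed for illustration:

```python
import re

# Constructed sample traffic: (src, sport, dst, dport, proto, payload).
PACKETS = [
    ("10.0.0.5", 40001, "192.0.2.10", 80, "tcp",
     b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("10.0.0.6", 40002, "192.0.2.20", 8081, "tcp",
     b"GET /video HTTP/1.1\r\nHost: cdn.example.test\r\n\r\n"),
    ("10.0.0.7", 40003, "192.0.2.30", 80, "tcp", b"SSH-2.0-OpenSSH_4.3\r\n"),
    ("10.0.0.7", 40003, "192.0.2.30", 80, "tcp", b"\x00\x00\x01\x14\x0a\x14"),
    ("10.0.0.8", 5060, "192.0.2.40", 5060, "udp",
     b"INVITE sip:bob@example.test SIP/2.0\r\n"),
]
# Hypothetical signature database: application label -> payload pattern.
SIGNATURES = {
    "http": re.compile(rb"^(GET|POST|HEAD|PUT) \S+ HTTP/1\.[01]\r\n"),
    "ssh": re.compile(rb"^SSH-\d\.\d+-"),
    "sip": re.compile(rb"^(INVITE|REGISTER|ACK|BYE) sip:\S+ SIP/2\.0\r\n"),
}
PORT_MAP = {80: "http", 22: "ssh", 5060: "sip"}  # all a header-only filter knows
POLICY = {"http": "allow", "sip": "tag-priority", "ssh": "block"}  # assumed policy

def shallow_classify(pkt):
    """Header-only inspection: infer the application from the destination port."""
    return PORT_MAP.get(pkt[3], "unknown")

def deep_classify(payload):
    """Payload inspection: return the first signature matching the data part."""
    for label, pattern in SIGNATURES.items():
        if pattern.search(payload):
            return label
    return "unknown"

def inspect_flows(packets):
    """Classify each flow (5-tuple) once, then apply the policy to the flow."""
    flows = {}
    for pkt in packets:
        entry = flows.setdefault(
            pkt[:5], {"shallow": shallow_classify(pkt), "deep": "unknown"})
        if entry["deep"] == "unknown":  # stop inspecting once the flow is known
            entry["deep"] = deep_classify(pkt[5])
    for entry in flows.values():
        # Port and payload disagree: the non-protocol-compliance case.
        entry["mismatch"] = entry["shallow"] not in ("unknown", entry["deep"])
        entry["action"] = POLICY.get(entry["deep"], "report")
    return flows

if __name__ == "__main__":
    for key, verdict in inspect_flows(PACKETS).items():
        print(key, verdict)
```

The flow to port 80 that carries an SSH banner is labelled "http" by the port map but "ssh" by its payload, so only the deep classifier flags the mismatch and blocks it; the HTTP flow on port 8081 is "unknown" to the header-only check yet is still recognised and allowed.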


Project Management


NCRIS



National Collaborative Research Infrastructure Strategy (NCRIS) projects

http://www.ncris.dest.gov.au/


5.16 Platforms for collaboration


5.16.1 Data access and discovery, storage and management


5.16.2 Grid enabled technologies and infrastructure


5.16.3 Technical expertise


5.16.4 High performance computing


5.16.5 High capacity communications networks


"Platforms for Collaboration" will develop our strengths in other NCRIS
categories:



Evolving Bio-molecular Platforms and Informatics



Integrated Biological Systems



Biotechnology Products



Networked Bio-security Framework



Structure and Evolution of the Australian Continent



Terrestrial Ecosystem Research Network



Population health and clinical data linkage


Discussion


Future virtual infrastructure


Email spam


voice-over-IP


multicasting


firewall configuration


federated identity management


intellectual property protection


cost-neutral deployment


rapid obsolescence