Skip navigation and jump directly to page content

 IU Trident Indiana University

UITS Research Technologies

Cyberinfrastructure enabling research and creative activities
banner-image

Indiana University's Science DMZ

The Science DMZ was developed to facilitate research in science and in particular cyberinfrastructure-enabled science. A Science DMZ integrates four key concepts:

  • A network architecture explicitly designed for high-performance applications, dedicated to scientific research and development (rather than production IT services supporting routine operational activities)
  • The use of dedicated systems for data transfer in support of scientific research, without (or with minimal) hindrance from firewalls within the Science DMZ
  • The capability to do performance measurement and network testing to characterize the network as part of the research and development process
  • Security policies and enforcement mechanisms that are tailored for advanced and high performance science environments [1]

This network design idea was introduced by the Energy Sciences Network (ESNet).

Indiana University has operated a Science DMZ since 2004 – previously referred to as the Research Technologies’ (RT) network. The IU Science DMZ is operated by the UITS Research Technologies Division and the IU GlobalNOC.

The IU Science DMZ includes dedicated network hardware for data transfer both within IU and connections to external networks. The network is monitored and provides both live and historical performance data via web interface [2]. The security policies for the IU Science DMZ ensure maximum performance and base security. More finely tuned firewalling is done on a case-by-case basis on the networks and also done on individual research hosts, as well. Network performance and security monitoring allows GlobalNOC administrators to respond to and filter security threats as needed.

Figure 1 below shows the IU Science DMZ network topology. In this, the Research Data Pod network is shown on the bottom right. Connections to research resources are generally over 20gpbs, 40gpbs, or 100gpbs links. Research systems such as Big Red II and Data Capacitor II are connected directly to the Brocade MLXe-16 that links to IUPUI over a 100gbps link and to the external network via a dedicated portion of the 100gbps link to the Indiana Gigapop.

RT Science DMZ

[1] ESNet. “A Scalable Network Design Model for Optimizing Science Data Transfers”. http://fasterdata.es.net/science-dmz/