2024 INTERNET2
Technology Exchange
Tutorials
December 9-13 Boston, Mass.
Learn and Share Your Expertise
2024 Technology Exchange Tutorials, Workshops, and Co-located Meetings are held Monday, December 9 and Friday, December 13
The Technology Exchange, held at the Boston Marriott Copley Place, Boston, Mass., brings together our community to share technical expertise, impart lessons learned, and discuss visions for the future. As a bonus, our community also offers tutorials where we train each other. Please review the topics below! This year, we offer 20 tutorials and 3 co-located meetings throughout the day on Monday and Friday.
NOTE: All events on this page require separate registration through the same portal. Most have an associated fee to help defray costs. To participate in these tutorials and co-located meetings, you must register for the appropriate event as part of your overall registration. (View our event registration page for more details.) Space is limited for each of these, so plan to register early! All activities take place at the host hotel, the Boston Marriott Copley Place.
Tutorials (Monday, December 9)
Friday, Dec. 13 (Tutorials and Co-Located Meetings)
| Time | Session |
|---|---|
| 9 am- 5 pm | NetGurus |
| 8:30 am-4:30 | SecureShow: Privacy & Security Quiz Challenge |
Monday Half-Day Morning Tutorials:
eduroam: The Technical RADIUS Tutorial | 8-11:30 am
Who should attend? Technical networking folks who usually attend TechEx and would like to get more hands on and weedy with eduroam.
Topics covered will include:
- Configuring and optimizing RADIUS
- Troubleshooting RADIUS
- Catching weird eduroam specific problems like UDP fragmentation and MTU issues
- Configuring to US eduroam best practices
SSH MFA Any Way You Want It | 8-11:30 am
Managing SSH access and ensuring security with Multi-Factor Authentication (MFA) can be a complex task for system administrators. The right configuration can make all the difference, but it can be challenging to cater to different user preferences and requirements. Are you ready to streamline your SSH MFA setup?
In this tutorial, we'll explore how to integrate MFA seamlessly into your SSH environment using OpenSSH and PAM. Whether you prefer using SSH security keys with passphrases or need to accommodate users with regular SSH keys and PAM-based MFA, we've got you covered.
This tutorial will cover:
- Understanding the problem with traditional MFA and SSH configurations
- Leveraging OpenSSH's new features to enhance security
- Implementing two practical solutions: pam_exec and pam-ssh-auth-info
- Comparing the advantages and disadvantages of each approach
- Step-by-step guides for setup and configuration
Join us to learn how to provide a secure and user-friendly SSH MFA experience, tailored to meet diverse needs.
The Fundamentals of Setting up and Populating
a Network Source of Truth | 8-11:30 am
A hands-on workshop with labs that will walk users through establishing an intended state model of the network and onboarding devices. The workshop will focus on best practices and proven processes for deploying a Network Source of Truth (NSoT). The workshop will focus on best practices and proven processes for deploying a Network Source of Truth (NSoT). For the intended state model the key areas covered will include approaches to defining the intended state and best practices for capturing this as a model in the NSoT. The device onboarding section will concentrate on best practices for this, starting with bulk import options and tools that are available for the majority of devices, and then then identifying additional processes to address any remaining devices.
Implementing Precise Measurements and Security Apps using P4 Programmable Data Planes | 8-11:30 am
Traditional fixed-function data planes have been characterized by a lengthy and costly development process at the hands of chip manufacturers. Recently, data plane programmability with P4 has attracted significant attention from both the research community and the industry, permitting network engineers to run customized packet processing functions in the data plane. One of the main features of P4 data planes is the real-time granular visibility of events.
This feature enables users to develop new applications that use precise measurements (nanosecond resolution) for network monitoring and cybersecurity. This tutorial will provide researchers, students, developers, and practitioners with an introduction to P4 programmable data planes, followed by applications that produce and use precise network measurements. The tutorial will include hands-on experiments conducted over a P4 software switch (BMv2), the host’s userspace with P4 and the Data Plane Development Kit (DPDK), and a physical switch (Intel Tofino).
The tutorial will first cover the fundamentals of programmable data planes: P4 building blocks, parser implementation, and match-action tables. Then, it will continue with network measurements and cybersecurity applications: monitoring queue occupancy; measuring flow statistics; measuring flow RTT and packet loss; detecting and mitigating SYN flood and DNS amplification attacks; and other applications.
Border Gateway Protocol: Concepts and Implementation | 8-11:30 am
The Border Gateway Protocol (BGP) is arguably one of the most important protocols, as it glues together the thousands of Internet Service Providers (ISPs) and Autonomous Systems (ASs) worldwide. As a widely used Internet protocol, network engineers must become familiar with BGP’s underpinnings and operation. Moreover, as high-speed networks are increasingly used to move Terabytes (TBs) of data across Internet2 and Research Education Networks (RENs), network engineers must have a good understanding of the various options and parameters involved in properly configuring BGP. A lack of detailed understanding of BGP has been raised several times in the networking communities (e.g., 2019 Technology Exchange Conference and recent workshops). Moreover, the need for a better understanding of BGP is also reflected by the frequent disruptive events attributed to BGP across the world.
This hands-on tutorial, [organized by the University of South Carolina (USC), International Networks at Indiana University (IU), and the Engagement and Performance Operations Center (EPOC)], will provide effective hands-on training on BGP, from concepts to real implementation, conducted in a safe, virtual environment. The tutorial will allow attendees to:
- deploy internetworks composed of multiple ASs connected via BGP, running a production-grade BGP implementation;
- manipulate BGP options and attributes without the fear of disruptions, thus enabling them to implement different policies;
- acquire advanced BGP routing skills; and
- familiarize with a platform that supports high-speed rates of 10 Gbps and above, using a real protocol stack implementation.
Attendees will be provided with detailed laboratory manuals and a training platform, accessible from the Internet using a regular web browser (no SSH, Telnet, or other requirements). Access to the training platform will be granted for six months. Other advanced topics will include MPLS and Multi-protocol BGP.
SciStream: Enabling Data Streaming between Science Instruments and HPC Nodes | 8-11:30 am
Memory-to-memory data streaming between scientific instruments and remote high-performance computing (HPC) nodes has emerged as a key requirement to enable online processing of high-volume and high-velocity data for feature detection, experiment steering, and other purposes.
In contrast to file transfer between scientific facilities for which a well-defined architecture exists in the form of science DMZ, data transfer nodes (DTN) and the associated tools, there is no well-defined infrastructure to enable efficient and secure memory-to-memory data streaming between scientific instruments and HPC nodes. It is especially important as both scientific instruments and HPC nodes lack direct external network connectivity.
SciStream establishes a well-defined architecture and control protocols with an open-source implementation to enable distributed scientific workflows to use their choice of data streaming tools to move data from scientific instruments’ memory to HPC nodes’ memory. In this tutorial, we will start with motivating the need for SciStream, describe the architecture and protocols that it uses to establish authenticated and transparent connections between producers and consumers; discuss design considerations, our implementation approach and evaluation results.
We will show a live demo of SciStream followed by hands-on exercises. We will also discuss our experience integrating and running real-world scientific applications with SciStream.
Google Cloud Administrator Basic Training | 8-11:30 am
Do you currently run Google Cloud (GCP) at your institution? If so, how deep is your admin bench? If not, are your turning away requests because no one has the skills to administer the environment?
Managing projects and developing applications in GCP requires some basic knowledge of the platform and certain skills with specific services. Managing your entire GCP organization requires a different set of skills entirely. Organizational administrators deal with folder structure, organizational policies, project provisioning, role management, billing ID management, credit management, and more. These skills are not in the average learning path or certification course.
In this session, we will take participants through the tools, concepts, and strategies necessary to manage your institution’s Google Cloud Organization. This training will give you an understanding of the key management tools in your GCP Org, how to wield them, and what the consequences are of the choices you'll need to make. You will come away with enough knowledge to make informed decisions on configuring and managing your Google Cloud organization so that your users can make use of the platform.
Azure Open AI | 8-11:30 am
Learn how to enable AI for your Institution in a secure and compliant way. In this hands-on workshop, participants will learn about:
- Securing Azure Open AI apps in Azure
- Deploying and managing Copilot and Azure AI Studio in a secure and compliant way
- Leveraging API Management for security and cost management
- How to take a blueprint approach for deploying AI apps
- How to monitor and manage your environment using Copilot for Security
- How to leverage Purview for AI Work to apply data controls that work with Copilots and AI apps
MONDAY DAY-LONG TUTORIALS:
perfSONAR Tutorial | 8 am-4:30 pm
Having trouble with your perfSONAR archive? Struggling with transition from MaDDash to Grafana? No idea what those first two questions mean? Then this is the tutorial for you!
This hands-on tutorial will walk participants through the process of installing, using, and customizing a perfSONAR installation from the ground-up. There have been numerous large changes in the perfSONAR project in recent releases, so this tutorial is relevant to both new and experienced perfSONAR users alike.
The workshop will cover concepts that will be directly relevant to not only building a new perfSONAR installation at your home institution, but also getting the most out of an existing installation. The first half of the tutorial will focus on setting-up a perfSONAR measurement host, central archive and Grafana instance to view results. The second half will focus on using Grafana to build custom dashboards.
The tutorial will be led by multiple perfSONAR developers, so will also be a great chance to ask questions and learn from the individuals building the software.
Cloud Networking 101: Networking To and Inside the Cloud Service Providers | 8 am-4:30 pm
The Internet2 Team (Scott Taylor and others) will lead participants through a deep dive into cloud networking. As a participant, you will leave this workshop with knowledge of the necessary networking components to operate a functional cloud environment with dedicated cloud connectivity.
During the first half of the workshop, we will cover the following topics:
- Overview and benefits of Internet2’s Cloud Connect service
- Necessary networking components for each of the Cloud Service Providers.
The second half of the workshop will allow participants to get hands-on with their newly acquired knowledge and build connectivity to and inside the cloud service providers.
A laptop will be required to participate in the hands-on portion. Further requirements will be shared with participants in advance of the workshop.
Get Good with GitOps | 8 am-4:30 pm
This tutorial will survey the technologies and techniques used in GitOps, a versioned and immutable declaration of an information system's desired state that's automatically deployed and continuously reconciled.
Attendees will start by creating a small serverless web app using Python, AWS Lambda, and AWS DynamoDB. After deploying the first version by hand, they will re-define the web app as an infrastructure-as-code project using OpenTofu. Attendees will review pre-commit hooks, atomic commits, Conventional Commits, and Semantic Versioning as they build their first continuous integration/continuous delivery (CI/CD) pipeline in GitHub Actions.
To avoid breaking their new production web app, attendees will isolate further development in Git feature branches. They'll follow the red-green-refactor pattern of test-driven development, and they'll make sure that their production deployments reproduce what they tested. At each step, attendees will rely on their build tooling and their CI/CD pipeline to reduce development and operational effort. And at the end of the tutorial, attendees will evaluate different deployment strategies and explore how they might adapt their test scripts to continuously validate their production environments.
Prerequisites:
- You will need a GitHub account.
- You will need administrator access to an AWS account. You should know how to use the AWS Management Console.
- It will help (but isn't required) to know how to program in Python and how to write HTML. It might also help to know how HTTP works.
- You should be familiar with the Linux command line and with nano or vim. It will help (but isn't required) to know how to use AWS CloudShell.
- You should know how to use Git (init/add/commit) with GitHub (clone/push/pull).
MONDAY HALF-DAY, AFTERNOON TUTORIALS:
Mobility Day at 2024 Internet2 Technology Exchange | 1-4:30 pm
A joint meeting on mobility (heavily influence with adoration from Mobility Day at TNC) will take place on Monday, December 9, 2024 at the Internet2 Technology Exchange. Mobility Day is an annual event, covering topics including eduroam, mobile networks, 5G, CBRS, WiFi 7, Internet of Things, Passpoint/Hotspot 2.0, and other mobility-related topics.
Mobility Day is supported by the eduroam-US Advisory Committee (eAC).
Secure Coding Practices and Dependency Analysis
Tools –Theory & Practice | 1-4:30 pm
Securing your network is not enough. Every service that you deploy is a window into your data center from the outside world, and a window that could be exploited by an attacker.
Our goal is to increase the number of people in the workforce who can act as defenders of our computing and data infrastructure.
In this tutorial, we cover weaknesses from the most recent "Stubborn Weaknesses in the CWE Top 25" list from MITRE. These weaknesses (coding flaws) are the ones most present in real-world security exploits and also the ones that have consistently stayed in the top 25 for at least five years. Attendees will learn how to recognize these weaknesses and code in a way that avoids them.
Another issue affecting the security of our cyber-infrastructure is the fact that its software depends upon a myriad of packages and libraries, and those come from different sources. Dependency analysis tools – tools that find weaknesses in the software supply chain and develop a software bill of materials (SBoM) – can catch flaws in those packages and libraries, and that affects the safety of the application.
The more programmers are exposed to training in addressing security issues, and the more they learn how to use dependency analysis tools, the bigger the impact that we can make on the security of our cyber-infrastructure.
Inter-Federation Incident Response (IR) in eduGAIN | 1-4:30 pm
In this tutorial, we want to raise awareness of the complexity of incident response in a large, federated environment like eduGAIN (https://edugain.org/), providing a trusted infrastructure for federated authentication.
The focus will be on the inter-federation aspect of IR, and what key players in IR can do, to deal with an incident requiring the collaboration of the operators (Federation, IdP, SP) contributing to the eduGAIN service, and the coordination with eduGAIN CSIRT.
Participants will be introduced to eduGAIN, the relevant security policies, the key security roles, and the IR supporting frameworks, such as SIRTFI.
Then, participants will have to deal with an artificial incident and apply the IR concepts presented before in a Table Top Exercise (TTX) set-up. The scenario was designed to consists of real world incidents.>
Each of the security roles involved in the “solution” will be taken by a group, in which the possible reaction to the developing incident response situation needs to be discussed and
the found reaction fed back to the incident coordinator.
The goal is to identify the organizational obstacles an operator may encounter during IR, and check if the existing procedures are clear.
The learning objectives include:
- IdP/SP logfile analysis (check for/find a reported Id).
- Know SIRTFI v2, and understand to apply it.
- Know how eduGAIN is organised, role of Federations, and eduGAIN CSIRT.
- Name the risks of Federated Identity Management.
Getting Started With Containerlab | 1-4:30 pm
This is a beginner-level, hands-on tutorial that provides an introduction to Containerlab, an environment that provides a CLI for orchestrating and managing container-based networking labs. It starts the containers, builds a virtual wiring between them to create lab topologies of users’ choice, and manages labs lifecycles.
This hands-on tutorial will cover:
- Installation
- Container images (container-native and VM-based NOSes)
- Topology file
- Basic lab deployment workflow
- Connectivity to the nodes
- Lab lifecycle
- VM-based lab
- Sharing the lab
- Troubleshooting and Wireshark pcaps
- Exploring the catalog of existing labs
Student Requirements: Personal laptop with an SSH client.
Network Technologies for Data Movement Supporting Research and Education on Campus Networks | 1-4:30 pm
This hands-on tutorial – organized by the University of South Carolina (USC) and the Minority Serving Cyberinfrastructure Consortium (MS-CC) – will discuss the challenges faced by campus networks when supporting science and engineering applications, particularly associated to research and education activities. Then, it will cover recent advances on network technologies that can solve or mitigate those challenges, and positively impact the performance of data transfers on campus networks. Topics include ScienceDMZs, solutions with and without Science DMZs, best practices on TCP congestion control, how to monitor networks with perfSONAR, fine-grained telemetry with programmable data plane switches, and others. Attendees will be provided access to hands-on training materials running on a virtual platform.
Outcomes: By the end of this tutorial, attendees will:
- Identify challenges faced by campus networks when supporting research and education.
- Describe network architectures, such as Science DMZ, that follow best practices.
- Deploy perfSONAR Version 5 to monitor network metrics and visualize them.
- Tune TCP parameters to achieve high-performance data transfers.
- Be familiar with new technologies such as P4 and DPDK to develop applications running at line-rate on servers and switches.
BGP and Route Policy for R&E Networks | 1-4:30 p.m.
Good BGP route policy is essential for routing security and to ensure your network traffic is making the best use of your R&E network connectivity and peering.
This hands-on tutorial will cover creating a complete BGP routing policy for your network and best practices for configuring BGP. We will also look at useful tools for troubleshooting BGP routing issues.
Fundamentals of Machine Learning on Google Cloud Platform | 1-4:30 pm
Many current scientific and research challenges can benefit from using machine learning to analyze and provide insights into large datasets. In this tutorial hosted by GCP, participants will learn how to leverage Jupyter Notebook environments in the Vertex AIWorkbench to utilize machine learning solutions on Google Cloud, including working with TensorFlow. This tutorial is geared toward those who support researchers and want to learn more about using cloud tools for predictive analytics.
Security for AI: Secure Your Environment for AI Apps | 1-4:30 pm
- Set up Azure Landing Zones for high-performance computing workloads
- Configure HPC clusters, networking, and resource management
- Work with Azure Batch and Monitoring to enable batch processing workloads
- Show how CycleCloud can be used to assist with bursting capabilities to On Prem.
Participants will have the opportunity to engage in practical exercises during the workshops, guided by experienced instructors. Azure resources will be provided to ensure a hands-on experience.
AWS GameDay | 1-4:30 pm
GameDay is a collaborative learning exercise that tests skills in implementing AWS solutions to solve real-world problems in a gamified, risk-free environment. This is a completely hands-on opportunity for technical professionals to explore AWS services, architecture patterns, best practices, and group cooperation.
AWS GameDay events are hands-on learning opportunities recommended for system administrators, solutions architects, technical account managers, developers and other technical roles of all skill levels. You will use the AWS Management Console extensively, as well as live AWS services to apply your technical knowledge to the challenges. AWS GameDay events cover a wide variety of cloud domains, so as long as you have some experience working on AWS, there will be lots of work for you to do!
AWS will provide all of the infrastructure and technology that you need in order to work through the different scenarios. You just need the following items:"
- Computer for hands-on participation
- Firefox or Chrome browser
- Microphone for voice chat and Camera for better interaction (highly encouraged)
- SSH client pre-installed: Putty (Windows) or SSH (Mac)
- AWS Command Line Tools (AWS CLI)
- Remote Desktop Client (RDP)
Sponsored by Four Points Technology
Co-Located Meetings (Monday, December 9)
REFEDS | 9 am-5 pm
The mission of REFEDS (the Research and Education FEDerations group) is to be the voice that articulates the mutual needs of research and education identity federations worldwide. The group represents the requirements of research and education. Come and join us to discuss updates to our annual work plan, working group progress and updates from the identity federation community.
Tutorials and Co-Located Meetings (Friday, December 13)
NetGurus | 9 am-5 pm
NetGurus is a group of campus Network Engineers/Architects that meet to contribute and learn from each other for the betterment of the broader education and research community. Participants discuss networking topics in a round table format to encourage open discussion and knowledge sharing.
Typically, they meet before or after a conference to discuss items of interest. Many times, topics are suggested ahead of time to encourage participation. To allow for orderly discussion and to maximize individual participation, meetings are limited to 30 attendees on a first come, first serve basis. Also, please limit participants to a max of two (2) per institution.
SecureShow: Privacy & Security Quiz Challenge | 8:30 am-4:30 pm
Dive into the dynamic world of data privacy and cybersecurity with our "SecureShow: Privacy & Security Quiz Challenge."
This engaging quiz show-style event offers attendees a unique opportunity to test their knowledge, sharpen their skills, and deepen their understanding of critical information security concepts. Through a series of fast-paced rounds featuring multiple-choice questions, true/false statements, and scenario-based challenges, participants will explore key issues such as encryption methods, compliance regulations, threat detection strategies, and incident response protocols. With interactive elements like buzzers and online polling tools, audience engagement is at the forefront, fostering a lively atmosphere of learning and competition. Join us for an exciting journey through the realms of information security, where every correct answer brings us one step closer to a safer digital future.
The quiz content will be designed to cover a range of topics within these domains, including but not limited to:
Encryption Methods:
- Questions assessing understanding of encryption algorithms, techniques, and best practices for securing sensitive data.
- Scenarios presenting encryption-related challenges and asking participants to identify the most appropriate encryption solution.
Privacy Compliance Regulations:
- True/false statements testing knowledge of relevant privacy laws, regulations, and compliance frameworks (e.g., GDPR, HIPAA, CCPA).
- Multiple-choice questions focusing on specific compliance requirements and implications for organizations.
Threat Detection Strategies:
- Scenario-based challenges simulating cybersecurity threats such as malware infections, phishing attacks, or insider threats.
- Questions exploring methods for detecting, mitigating, and responding to various types of security incidents.
Incident Response Protocols:
- True/false statements evaluating familiarity with incident response procedures, including incident classification, escalation, and communication protocols.
- Multiple-choice questions on incident response best practices, roles and responsibilities of incident response team members, and post-incident analysis.