Science DMZ
ITS supports faculty and research projects at UCSC through the Science DMZ and related services. The Science DMZ offers a 100 Gbps network connection between UCSC and participating institutions.
Consulting services for how to use the existing Science DMZ are available at no charge. Support is provided through the collaboration of several ITS units, including Academic Divisional Computing (ADC), Core Technologies, and Research and Faculty Partnership.
The work to build the Science DMZ was funded by a grant from the National Science Foundation (award number ACI-1341039).
Features
A Science DMZ offers a network environment that is tailored to the needs of high performance science applications, including large data transfers, remote experiment control, and data visualization. It addresses common network performance problems for participating research institutions.
Get Started
- Access to the Science DMZ network
- Access to data transfer nodes through Globus
- Access to network performance-measurement tools through perfSONAR
- Access to shared storage using Ceph, hosted at UCSC, that can be mounted on researchers’ own servers
- Layout of the Science DMZ at UCSC (PDF)
- Request Science DMZ consulting
Background: A Science DMZ has the following elements as described by the US Department of Energy’s Energy Sciences Network (ESnet):
- High-speed, low-latency network with equipment, configuration, and security policies that are optimized for high-performance scientific applications, rather than for general-purpose business systems
- Dedicated high-performance data transfer nodes that optimize the transfer of large datasets over long distances
- Performance-measurement nodes
- Access to shared storage
Roles and Responsibilities
The Science DMZ team collaborates across ITS departments to work with faculty and researchers to:
- Help select system/network hardware and software
- Develop specifications for new equipment
- Configure hardware, software, and operating systems
- Optimize the network stack for high-speed data transfer
- Provide consultation services for how to connect to the Science DMZ or Data Center hosting
- Provide an estimate for one-time and ongoing costs for direct connection to the Science DMZ, for connections outside the Data Center
Client Responsibilities
- Learn how to use Globus
- If a connection outside the ITS data center at speeds above 1 Gbps is required, costs are a client responsibility
- Move data to the Data Transfer Network (DTN)
- Review ESnet usage policy
- Maintain your hosts in accordance with security best practices
- Review related services
Availability
While these services are generally available 24x7, they are optimized for throughput and not for high availability. Support is provided during business hours.
The Science DMZ is not a typical administrative, production network; it is a research-driven service, and therefore changes are implemented in a more dynamic/agile way than for a traditional network. The team makes a best effort to maintain the availability of these services in collaboration with other members of the Science DMZ world.
For planned maintenance, the UCSC Data Center follows the ITS Change Management Process, and planned changes are posted on the ITS Maintenance Calendar. Consumers of this service will also be added to an announcement-only email list, and notified of changes that will impact services. Please schedule large jobs according to available information.
Data Security
If you are working with sensitive data, you have special security requirements which should be covered in your data-management plan, and may not be met by this service. Consult with us about how to provide the needed protections while taking advantage of the Science DMZ. The Science DMZ and related services are always appropriate for non-sensitive data.
More information about research compliance at UCSC.
Traffic on the Science DMZ is monitored by the Information Security team, and system owners will be notified of identified security issues. For hosts in the Data Center, additional security hardening is provided by the standard tools including application scanning, packet capture, and IDS/IPS; centralized logging and authenticated server scanning are also available.
Eligibility
The Science DMZ and related services are available to UCSC faculty, graduate students, researchers, and undergraduates with a faculty sponsor.
To connect to the high-speed network, equipment must be appropriately configured; equipment in the Data Center must meet Data Center Standards.
Cost
Machines hosted in the Data Center can use the Science DMZ at no charge.
The Science DMZ team will help with estimates for one-time and ongoing costs for direct connections to the Science DMZ outside of the Data Center.
Related Services
More information
- The Science DMZ: A Network Design Pattern for Data-Intensive Science (access to IEEE content is available from the UCSC campus network or VPN)
- Josh Sonstroem’s presentation: "Of Mice and Elephants: The Science DMZ and You"
- UC IT Blog: Helping Scientists Understand Research Cyber Risks using the Open Science Cyber Risk Profile tool (September 2017)
- ITS announces the Science DMZ project (November 2014)
Policy Information
- Acceptable Use Policy
- UCSC Password Strength & Security Standards
- UC Minimum Security Standard
- Electronic Communications Policy (ECP)
- UCSC Office of Research
- Security Controls by Information Security Level (IS-3)
Standards
Service Level Agreements
- Data Center Services
- Network Services
- ITS and Campus SLA (includes other components of the Science DMZ)
Get Help
The Science DMZ team will provide best-effort support, including configuration and troubleshooting for:
- Transfer issues for large datasets
- Remote-transfer techniques, including using Globus
- Using perfSONAR to monitor end-to-end network performance