ESnet’s Science DMZ Breaking Down Data Barriers, Speeding up Science

December 5, 2018

From individual universities around the country to a consortium of research institutions stretching the length of the west coast of the United States, networking teams are deploying an infrastructure architecture known as the Science DMZ, developed by the Department of Energy’s Energy Sciences Network (ESnet), to help researchers make productive use of ever-increasing science data flows. More recently, networks in other countries are also adopting the architecture.

Many networks are designed to support enterprise applications such as email, web browsing, and cloud-hosted business applications which use large numbers of small and complex connections. In contrast, research and education (R&E) networks are increasingly called on to move massive research data sets from experiments or science simulations between scientific facilities, supercomputer centers, and research laboratories. The performance and security characteristics of enterprise network traffic and science network traffic are quite different, and the Science DMZ architecture provides a means for research organizations to support both science and enterprise workflows in a secure and high-performance manner.

The Science DMZ traces its name to an element of network security architecture. Typically located at the network perimeter, a DMZ or demilitarized zone has its own security policy because of its dedicated purpose – exchanging research data with the outside world. A Science DMZ is specifically dedicated to external-facing high-performance science services and only high-performance science support services are provided by the Science DMZ.

Eli Dart, an ESnet network engineer, first coined the term “Science DMZ” in early 2010 to describe the network configuration linking two DOE sites – the Princeton Plasma Physics Laboratory in New Jersey and the National Energy Research Scientific Computing Center (NERSC) at Lawrence Berkeley National Laboratory in California. ESnet is supported by the DOE Office of Science and provides high-bandwidth connections between 40 DOE sites in the U.S. and links to collaborators around the globe.

Dart formalized the Science DMZ idea in 2010 and in February 2011 took it to a broad audience at a leading conference for the international networking community.

Since then, the concept has been endorsed by the National Science Foundation (NSF), which has provided $120 million to support Science DMZ implementations at more than 100 universities. Several other federal research organizations are considering adopting the architecture. The NSF has also funded a $5 million, five-year program to link together the Science DMZs at dozens of west coast universities and other research institutions known collectively as the Pacific Research Platform.

ESnet staff and colleagues from other network organizations have also conducted a number of outreach programs to inform research institutions about deploying and using Science DMZs.

Although ESnet is well known for its expertise in supporting the transfer of datasets across the country and around the globe, for the past four years the facility's staff has also been transferring their networking expertise to staff at other research and education organizations.

Partnering with Internet2 and Indiana University, ESnet co-led 23 workshops as part of the Operating Innovative Networks series. Representatives from Globus, which developed software to facilitate the transfer of large research datasets, also provided support. Each two-day workshop followed the same agenda with the Science DMZ being a primary topic on the first day.

Each workshop was held at a different location, and sites were usually chosen by working with regional research and education (R&E) networks. This allowed smaller organizations to tap into the combined expertise of the workshop leaders and also made the workshops more accessible to staff at institutions without large travel budgets. Through both in-person and online workshops, the organizers reached an estimated 750 network employees at 360 institutions in 39 states and 38 other nations.

In 2016, ESnet and the University of Oregon’s Network Startup Resource Center (NSRC) produced and released a library of 15 short videos detailing the Science DMZ network architecture to help network engineers around the world gain fundamental knowledge, set up basic systems and drill down into areas of specific interest. For network engineers striving to establish basic R&E infrastructure where bandwidth and other resources are scarce, NSRC is often the primary information conduit. NSRC staff travel to emerging nations in Africa, Asia-Pacific, Middle East and South America where they hold intensive hands-on training courses, including the videos, combined with direct engineering assistance to bring institutions up to speed.

Berkeley Lab’s Sean Peisert, a cybersecurity researcher in the Computational Research Division, was the lead author of a paper published Friday, Oct. 6, 1917 by the Journal of the American Medical Informatics Association describing how the Science DMZ architecture could be adapted to meet the needs of the medical research community.
