Mar 2017: SDN and IAM Integration at Duke

Over the past 4 years, Duke has established SDN bypass networks, an SDN mediated Science DMZ, and other services that rely on identity data about the users and the equipment at Duke. One such service is the Protected Research and Data Network (PRDN), which makes use of our Identity Management (IDM) services both for Duke researchers and their collaborators at other institutions.

In this presentation we will discuss the path that Duke took to implement our network, link the various pieces together and the security model used to protect the network and detect unusual activity. Web based access to services provided inside of our PRDN allow for simple implementation of multi-factor authentication and we will present some novel methods for providing access to both Windows and Linux services inside of a browser. We will also discuss Plexus, our Ryu based SDN controller, and our plans around the firewall/proxy management application, Locutus, that allows us to support multiple controllers in different spaces of our network (alternative to flow space firewall). A short discussion of our ability to integrate with GENI/exoGENI sevices, AL2S, and our regional SDN project will be included.

This talk is presented by Duke University's Richard Biever and Charley Kneifel.