Cybersecurity

Experimental facilities connect to two physically separate layers:

  1. The commodity campus network carries all computing that serves people directly: teaching, administration, email and web browsing.
  2. The science DMZ uses dedicated fiber interconnects and has its own governance structure, with separate security measures and policies, so that it can respond rapidly to the needs of research projects. The backbone runs at 200 Gbps and several high-data-transfer sites are connected at 40 Gbps. In addition, UF has implemented Virtual Routing and Forwarding (VRF) in a growing number of buildings, with the goal of covering all buildings by the end of 2016. This allows any port to be placed on the science DMZ over the physical layer of the campus network, so instruments can be connected directly to the science DMZ and to the high-performance data and computing systems on it.

The Research Computing (RC) and Network Services (NS) units of UF Information Technology (IT) manage the science DMZ and the research cyberinfrastructure on it. The Information Security and Compliance (ISC) unit performs security scans of all networks, including port scans of hosts and traffic scans for intrusion detection, and also performs security reviews of all systems.

The experimental resources interconnect with the HiPerGator compute cluster and the GatorBox storage systems managed by RC. These systems are not directly accessible from the Internet or from the campus network; only certain gateway nodes are, such as the login nodes, the data transfer nodes running Globus, the dropbox-like servers running ownCloud, the web servers, and the web portal server nodes. These public-facing nodes open only the ports they need and are scanned regularly by ISC to identify both active and potential problems. All access to resources operated by RC requires authentication, either through the local LDAP system or through the campus Active Directory authentication system, GatorLink.
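As an added illustration of the posture described above (public-facing gateway nodes open only the ports they need, verified by regular port scans), here is a small Python audit written for this page; it is not ISC's or RC's own tooling. It parses nmap "grepable" output (the `-oG` format) and flags any open TCP port that is not on a per-role allow-list. The hostnames, IP addresses, the scan output and the per-role port baselines are all constructed assumptions; in particular the Globus GridFTP control port 2811 and the data-channel range 50000-51000 are common defaults, not UF's configuration.

```python
import re

# Assumed per-role allow-lists as (low, high) TCP port ranges. Real baselines
# are site-specific; these are illustrative placeholders only.
ROLE_BASELINES = {
    "login":    [(22, 22)],                                           # SSH only
    "dtn":      [(22, 22), (443, 443), (2811, 2811), (50000, 51000)], # Globus GridFTP (assumed defaults)
    "owncloud": [(443, 443)],                                         # HTTPS only
    "web":      [(80, 80), (443, 443)],
}

# Constructed nmap -oG output for three hypothetical gateway hosts. Note the
# filtered rpcbind entry on the DTN, which must not count as exposed.
SAMPLE_SCAN = """\
# Nmap 7.94 scan initiated ... as: nmap -p- -oG - 10.0.0.0/29
Host: 10.0.0.11 (login1.example.edu)\tPorts: 22/open/tcp//ssh///, 3306/open/tcp//mysql///\tIgnored State: closed (65533)
Host: 10.0.0.12 (dtn1.example.edu)\tPorts: 22/open/tcp//ssh///, 2811/open/tcp//gsiftp///, 50010/open/tcp//unknown///, 111/filtered/tcp//rpcbind///\tIgnored State: closed (65531)
Host: 10.0.0.13 (owncloud.example.edu)\tPorts: 443/open/tcp//https///, 8080/open/tcp//http-proxy///\tIgnored State: closed (65533)
# Nmap done at ... -- 3 IP addresses (3 hosts up) scanned
"""

# Assumed mapping from scanned hostname to gateway role.
HOST_ROLES = {
    "login1.example.edu": "login",
    "dtn1.example.edu": "dtn",
    "owncloud.example.edu": "owncloud",
}

_HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\s+Ports:\s+(.*?)(?:\t|$)")
_PORT_RE = re.compile(r"^(\d+)/(\w+)/(\w+)/")   # port/state/proto/...


def parse_grepable(text):
    """Return {hostname-or-ip: set of open TCP ports} from nmap -oG output.

    Only entries in state 'open' on protocol 'tcp' are kept; 'filtered' and
    'closed' entries, and any UDP results, are ignored.
    """
    results = {}
    for line in text.splitlines():
        m = _HOST_RE.match(line)
        if not m:
            continue
        ip, name, ports_field = m.groups()
        host = name or ip
        open_ports = set()
        for entry in ports_field.split(","):
            pm = _PORT_RE.match(entry.strip())
            if pm and pm.group(2) == "open" and pm.group(3) == "tcp":
                open_ports.add(int(pm.group(1)))
        results[host] = open_ports
    return results


def is_allowed(role, port):
    """True if the port falls inside one of the role's allow-listed ranges."""
    return any(lo <= port <= hi for lo, hi in ROLE_BASELINES[role])


def audit(scan, host_roles):
    """Return {host: sorted list of unexpected open ports}.

    A host with no known role has no baseline, so every open port on it is
    reported: an unregistered public-facing box is itself a finding.
    """
    findings = {}
    for host, ports in scan.items():
        role = host_roles.get(host)
        if role is None:
            unexpected = sorted(ports)
        else:
            unexpected = sorted(p for p in ports if not is_allowed(role, p))
        if unexpected:
            findings[host] = unexpected
    return findings


def run_sample():
    """Audit the constructed scan against the constructed role map."""
    return audit(parse_grepable(SAMPLE_SCAN), HOST_ROLES)


if __name__ == "__main__":
    for host, ports in run_sample().items():
        print(f"{host}: unexpected open TCP ports {ports}")
```

On the constructed input the audit reports the MySQL port on the login node and the extra HTTP listener on the ownCloud server, and nothing for the DTN, since its GridFTP data port falls inside the allow-listed range and the filtered rpcbind entry is not an open port. Feeding it the output of a real `nmap -p- -oG -` run over the gateway subnet, with the baselines replaced by the site's actual allow-lists, turns the "only needed ports" statement into a repeatable check.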