The GARR-X Progress Service portfolio
The project offers a wide portfolio, including diverse services from network services to Digital Identity management, to mobility, videocommunication and file sharing. IaaS computing and storage services are also available.
The connectivity service offers a symmetrical fiber interconnection to the high-bandwidth Research and Education Network system worldwide and to the Internet. Two profiles are available: basic and advanced.
The basic profile is intended for schools and other organisations with limited bandwidth requirements, including libraries, research spin-offs, and secondary sites of larger research organizations; it is implemented via a fiber link to an aggregation point between the user site and a concentration point, from where the traffic is routed to the GARR PoP. The bandwidth capacity for this profile will be between 100Mbps and 1Gbps depending on the user requirements.
The advanced profile is intended for large Research and Education users organizations, which have demanding network requirements, and is implemented via a direct fiber link to the GARR PoP. Depending on user requirements, a certain site can be interconnected with a single link or provided with a backup link with a different path, to protect the interconnection in the event of network failures. Bandwidth capacities for this profile may range from a minimum of 100Mbps to multiples of 10Gbps, and easily upgradable in case of increased bandwidth demand.
Both profiles will be supported by the GARR Network Operations Center (NOC), which ensures the maintenance of the network infrastructure, as well as of new link activations and upgrades, network faults management, and the collection of network statistics.
END-TO-END NETWORK CONNECTIVITY
Upon request, users can request tailored end-to-end connectivity services to implement direct virtual or optical links between two or more sites, in order to segregate traffic generated by different applications, extend their data centers over a wide area network, and share resources transparently. These services, which are billed separately from the network access fee, can be activated or deactivated on demand for the required length of time only. Depending on technical requirements, the user can choose between three types of service:
- end-to-end circuit: end-to-end connectivity service exploiting the DWDM transmission layer, which is characterized by very low latency and capacities up to 100 Gbps.;
- L2-VPN: level2 virtual private networks, exploiting the IP/MPLS technology;
- L3-VPN: level3 virtual private networks, exploiting the IP/MPLS technology.
MOBILITY AND DIGITAL IDENTITY
eduroam (Education Roaming) service offers a secure access to wireless networks for roaming users from the Research and Education community. Users visiting an eduroam member organization can access the local wireless network (WLAN) with the same credentials (username and password) they use at their home institution and without any action by the hosting organization’s ICT staff.
IDEM (Identity Management for federated access) offers a secure SSO access to online contents and services shared by different organisations. Thanks to the federated approach, users from organisations belonging to the IDEM federation can access resources with their usual credentials and through a standardized authentication procedure (single sign on), while enjoying high standards of privacy and preserving the confidentiality of resources, which can be only accessed by authorized users. IDEM is part of eduGAIN, the worldwide research and education interfederation, which extends the benefits of the federated SSO on a global level.
The GARR Certification Service, issues digital certificates to persons (to sign or encrypt documents) and servers (to protect a link or certify the identity of a server to ensure secure transactions).
VOICE AND VIDEO COMMUNICATIONS
GARR Vconf, Vconf is the multivideoconference service which enables audio and video communication among up to 80 sites. The service is compliant with most common hardware and software clients and is also available in HD version.
NRENum, offers to GARR member organizations which use VoIP a public numeration space that can be reached via IP.
The CERT, service assists GARR users in managing security incidents and enforcing preventive measures to reduce security risks.
In addition, the SCARR, SCARR on-demand security scan service allows ICT personnel from user organizations to carry out vulnerability tests on servers and receive a detailed report on security issues and their possible solutions.
IP ADDRESSES, DOMAINS, DNS
Thanks to GARR-X Progress, users will be able to use infrastructure and software resources in a simple and flexible way under the cloud paradigm. Access to cloud services in SaaS mode will be ensured through the IDEM identity federation service. Some of the Cloud application services are included in the GARR access subscription, while others will be charged separately.
The project will provide a distributed data storage service, which will integrate existing resources made available by the community (universities, research institutions, computer farms such as Re.CA.S and CRESCO) with those deployed specifically for the project, thus offering a more robust service. The service will include two profiles:
- Big Data Storage, intended for large organizations and projects;
- GARRbox Personal Data Storage, intended for end users such as teachers and researchers, who will thus be able to store data and share them securely with their colleagues.
The cloud service portfolio also includes:
Filesender,a web-based application allowing users to securely send large files.
Virtual Server, , which makes available computing resources on configurable virtual machines accessible over the network.
Web hosting, offering an out-of-the box solution for the virtualized hosting of web servers.
IDP in Cloud, a service implementing a virtual Identity Provider to facilitate organizations in joining the IDEM Identity Federation. Depending on requirements, the service can be configured in three modalities:
- Full: includes SaaS IdP, LDAP server, web management interface;
- Replica: includes PaaS IdP and LDAP server;
- Smart: includes only the PaaS IdP
Support to high availability of critical ICT services:
a combination of the Virtual Server and Big Data Storage services, it allows the user to replicate data and applications of an organization or research group (e.g DNS, web, DB, mail server, etc) on the cloud platform, thus ensuring high levels of redundancy thanks to a configuration without single points of failure and overprovisioning.