There are four large universities in Ternopil, Ukraine: Ternopil National Economic University (TNEU) with about 25,000 students; Ternopil State Technical University (TSTU) with about 10,000 students; Ternopil National Pedagogical University (TNPU) with about 15,000 students; and Ternopil State Medical University (TSMU) with about 5,000 students. These universities have some fiber optic cables (1 gigabit/sec), some copper cables (10 megabits/sec) and some wireless links (speeds up to 100 megabits/sec). The four universities collectively enroll about 55,000 students and have many research-oriented programs. Before this project was initiated, all the universities in Ternopil were plagued by the slow speed of their Internet connections. Initially, our project will provide a 4 Mb/s Internet connection, which is just a fraction of what the four universities need, but it will be a tremendous step in the right direction. As we write this paper, it appears that Ukrtelecom, the Ukrainian telephone monopoly that owns most long distance fiber optic lines, plans to reduce its prices soon, so we might be able to purchase an even faster Internet connection.
There are several Internet service providers in Ternopil: Bitternet, Dilines, Megaline, and Infocom. The largest of these is Bitternet. It owns most of the fiber optic cables to the universities and many of the cables connecting other institutions. The Ternopil Educational Communication Center (TECC) is ensuring that all of the universities mentioned in the preceding paragraph will be connected to Bitternet through 1 Gbps fiber optic links, and also have a fiber optic 1 Gbps TECC backbone for inter-institutional connectivity. At present, the average university user experiences an effective Internet access speed of about 1-5 KBytes/s. Our goal is to increase this to an average effective speed of 8-32 KBytes/s.
The NATO project provides some initial funding to purchase higher speed Internet connectivity, and it is expected that in the future all institutions participating in the TECC will pool their Internet budgets to sustain the network after its initial year of operation. This, together with the local caching that we intend to do, should provide significantly faster Internet service than is available today.
There are many benefits to creating the TECC. First, the TECC plans not only to connect the major universities, but also to connect as many of Ternopil’s high schools as possible. The exact details of this part of the project are being worked out at this time. Second, creating and operating the TECC will also provide the universities with valuable experience in managing large networks. Third, part of the plan for creating the TECC is to create and manage a 16-CPU multiprocessor system that will be connected to the 128-CPU research cluster of the Kyiv Research Institute of Cybernetics. This link will be used for research in Grid computing. Fourth, this project will initiate the first widespread deployment of wireless systems throughout the city of Ternopil. The TECC project has three major components: hardware, software and information integration. The next several sections of this paper will provide more details about each of these components.
The TECC Network
The TECC data center, which is located on the TNEU campus, will house cables that connect to each of the universities and also to the three Internet providers. The fiber optic backbone has two major branches: TNEU - TECC - TNPU, and TECC - TSMU - Ukrtelecom - TSTU. The data link level will run 1Gb/s Ethernet 1000LX. A 3-level switch will connect these links and serve as a central point for all institutional networks. From the network layer point of view, the TECC network will be an autonomous system with two class C IP ranges (512 IP addresses). Two gateways will be running on the borders with other autonomous systems. These gateways will work as a high availability cluster, load balancing system and reserve. Existing routers will perform as firewall and filtering routers. The security policy for TECC will be created and administered by the system administrators of all four universities that have founded the TECC. The existing gateways will control bandwidth between the TECC participants, depending on their financial fees. All universities will have their guaranteed minimal network speed, and in addition will be able to use whatever resources are unused. Each server that runs a service will be connected to its own channel in the TECC network. Each channel will have an appropriate security policy. In addition to standard network services such as e-mail, DNS, www, SSH, SCP, SFTP, news, forums and chats, the TECC network will support a virtual library and remote service for parallel calculations.
The TECC Cluster
The TECC Cluster is operational and consists of 16 CPUs. This cluster provides a platform for executing computationally intensive applications, such as neural network training, image recognition, multi-criteria optimization tasks, modelling multi-parameter dynamical systems, processing of data from satellites and environment monitoring, and prediction of space weather. This cluster will be connected to the Glushkov Institute of Cybernetics of the National Academy of Sciences of Ukraine using the Academic Ukrainian Network UarNet.
Software used on the TECC Network
Most of the servers and all of the routers will use the Linux operating system. iptables will be used to filter all network traffic in either direction. Web services will be provided by a mix of Apache and Microsoft IIS servers. DNS service will be offered by two servers. E-mail services will be handled by Sendmail and Postfix. We will run both MySQL and Microsoft SQL servers. We will support a variety of Web-oriented languages including PHP and CMS. The TECC will also support virtual server software including XEN, VMware, and OpenVZ. It will also support an OpenMosix server for dynamic load distribution, and parallel distributed MPI. The TECC center will support a variety of programming languages including C, C++, .NET, UFH, IRBIS, and SCIF (for information resource sharing).
TECC information services
A key component of the TECC project will also be to provide a rich collection of information resources to the people of Ternopil and the surrounding region. One of the central aspects of this effort is to integrate the on-line library services for the city of Ternopil and the surrounding region. The libraries of the four university members of the TECC will also participate in this effort. The details of this part of the project have not been settled yet, but we can provide some general idea of the scope of the effort. The libraries in the Ternopil region use a variety of systems and protocols, and any effort to integrate their services must deal with these differences. Among the systems used are the Ukrainian Fond House system (UFH) and the IRBIS system. Among the protocols used are TCP/IP, NetBEUI, Z39.50 System of Information Sources Cataloguing protocol (SCIF), and HTTP. We believe that the SCIF protocol provides the best platform for our purposes because it was designed for distributed use. The UFH and IRBIS client/server systems are the most common library systems in the Ternopil region as well as the most common systems for most Ukrainian universities. Consequently, we will not insist that all participants use SCIF, and will have to provide a SCIF interface to the various systems. We use the acronym TECC-IS to stand for TECC Information Services. The basic architecture for TECC-IS is the following.
1. Database and other information resources will remain with the current owner who will continue to have full control over them.
2. TECC-IS will receive data from the contributor via whatever protocol the contributor is using.
3. The data owner has full control over access to any information resource.
4. TECC-IS will not be able to make any changes in the local databases. These can only be updated by the owner.
5. TECC-IS must provide a common interface that all TECC members can use.
6. TECC-IS must scale easily and interface smoothly into a Grid environment.
TECC-IS must optimize requests directed to its various information providers. To improve performance of TECC-IS we will implement a cache server to store the most often requested information. This will speed up the response to the user and also reduce the load on the local system. We expect that TECC-IS will primarily be based on the TECC Microsoft IIS servers.
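As an added illustration (not code from the TECC project), the sketch below applies the principles above and the cache to a read-only query facade: the owner's access list is checked on every request before the cache is consulted, so a cached answer never outlives a revoked permission. The class names, group names and catalogue records are hypothetical and constructed for the example.

```python
from collections import OrderedDict

class Source:
    """A member library's catalogue; data and access list stay with the owner."""
    def __init__(self, name, records, allowed_groups):
        self.name = name
        self._records = dict(records)              # owner's local database
        self.allowed_groups = set(allowed_groups)  # owner-controlled access list
        self.hits = 0                              # queries that reached the owner

    def search(self, term):
        self.hits += 1
        return tuple(sorted(t for t in self._records.values()
                            if term.lower() in t.lower()))

class TeccIS:
    """Common read-only interface with an LRU cache; it exposes no write path."""
    def __init__(self, sources, cache_size=128):
        self._sources = {s.name: s for s in sources}
        self._cache = OrderedDict()
        self._cache_size = cache_size

    def search(self, user_group, term):
        results = {}
        for name, src in self._sources.items():
            # Consult the owner's current access list first, so a cached
            # answer is never served to a group the owner has removed.
            if user_group not in src.allowed_groups:
                continue
            key = (name, term.lower())   # cached per source, never per user
            if key in self._cache:
                self._cache.move_to_end(key)
            else:
                self._cache[key] = src.search(term)
                if len(self._cache) > self._cache_size:
                    self._cache.popitem(last=False)  # evict least recently used
            results[name] = self._cache[key]
        return results

def demo():
    # Constructed sample catalogues and groups, for illustration only.
    tneu = Source("TNEU", {1: "Grid Computing Basics", 2: "Economics of Networks"},
                  {"student", "staff"})
    tsmu = Source("TSMU", {1: "Clinical Grid Imaging"}, {"staff"})
    svc = TeccIS([tneu, tsmu])
    before = svc.search("staff", "grid")
    tsmu.allowed_groups.discard("staff")   # owner revokes access
    after = svc.search("staff", "GRID")    # TSMU entry is cached but withheld
    return before, after, tneu.hits, tsmu.hits
```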
Grid computing and security issues
We plan to develop the Grid computing features of the TECC in four stages. These are described in more detail below.
Stage 1: The parallel high performance computer cluster with 16 processors (TYAN) and appropriate network communication hardware is now installed and operating. TYAN is based on Linux and uses the MPI (Message Passing Interface) library for implementing parallel and distributed routines. This is the only stage that is being funded by the NATO grant that set up the TECC. Stages 2-4 will require additional funding and we are currently working on the grant applications to get these funds.
Stage 2: Globus middleware will be installed on the TYAN cluster. This includes the process of generating user certificates and integrating into the world network. We plan to include the 54 personal computers of the TNEU digital library as computational nodes of the Grid system via this Globus middleware. These PCs can be used as Grid nodes every day from 8:00pm until 8:00am. Thus, at times we will have a Grid network consisting of 70 CPUs, and this system can be used for the computationally-intensive tasks of TNEU’s Research Institute of Intelligent Computer Systems such as parallel neural network training and facial recognition.
Stage 3: The Globus middleware will be installed on appropriate high-performance or cluster systems of TECC members. At this point the TECC Grid System will become operational.
Stage 4: The TECC Grid System thus obtained will be connected to the Grid-segment of the Ukrainian National Academy of Sciences (www.acadgrid.org.ua) and the Grid-segment of the Ukrainian Ministry of Education and Sciences (www.grid.ntu-kpi.kiev.ua) using the UarNet and URAN networks. This expanded Grid-system can then be used for execution of computationally-intensive research tasks inside and outside Ukraine.
We will base the security system for the TECC Grid system on the approach described in. This system will have the following features:
1. It must be intelligent. The main component of this system will be a software agent.
2. It must be distributed. Since Grid components are widely separated and have their own links to the Internet, by its nature any system seeking to defend the TECC Grid must be distributed.
3. It is intelligently layered. Thus, we will have agents at each layer of the system. In particular, an agent at the (i+1)-st layer consists of several agents from the i-th layer and so on.
4. It will exploit self-similarity. The TECC Grid system can be considered a functionally homogeneous self-similar system with an unlimited number of layers and agents on each layer, which can be described by a matrix. The agents execute similar processes but they have different algorithms to be executed on different layers of the system. We want our security system to use this architectural feature for its own architecture.
Our Grid security system will provide confidentiality, integrity, availability and procedural monitoring of information resources. It can be shown that confidentiality, integrity, availability and procedural monitoring are a sufficient base upon which to synthesize every feature of information security. For example, confidentiality is the basis for implementing such functional features as identification, authentication, unauthorized access, electronic signature, etc. Integrity allows regulating the following characteristics of an information security subsystem: integrity, safety, tolerance, fault-tolerance, redundancy, etc. Procedural monitoring allows synthesizing warrantability, accountability, delivery, audit, observability and other characteristics.
Conclusions and future work
The Ternopil Educational Communication Center (TECC) has significantly improved access and communication between institutions in the Ternopil city region. It provides or will provide the following benefits to TECC members:
1. Integration of the information technology resources of the four major universities located in Ternopil.
2. Improved Internet access for students and staff of the universities of Ternopil and other institutions.
3. Provide improved interuniversity communications via a fiber optic 1 Gb/s backbone.
4. Provide a fast connection to the UarNet, URAN and GEANT networks.
5. Introduce video conferencing throughout Ternopil and across the Internet.
6. Provide Web-based information resources that include many resources from the regional libraries.
7. Develop a cache-server that provides rapid retrieval of commonly used information.
8. Create a base for educational, academic and research cooperation between universities in Ternopil and those in Maine and in other parts of the world.
9. Develop a prototype that can be replicated in other regions of Ukraine.
10. Create the TECC Grid system, which will significantly benefit computationally intensive research in Ternopil and Ukraine.
We expect to complete the project by the end of September 2008. After that we will continue to improve the TECC and to develop the TECC Grid system. We will also focus on developing programs between the University of Maine and the Ternopil universities. We expect to work with other regions of Ukraine to help them implement similar systems.
The co-authors would like to thank NATO for funding project NUKR.NIG.982000 and giving us the opportunity to significantly improve Internet service and computing for the city of Ternopil and its region.