JRES 2015 - article(s) - abstract https://conf-ng.jres.org/2015/renderabstract.html...

Articles abstracts JRES 2015

Articles abstracts

Posters abstracts

Abstracts arranged by chronological order

Abstracts arranged by author

Abstracts arranged by alphabetical order

1 of 134 07/12/15 23:29 JRES 2015 - article(s) - abstract https://conf-ng.jres.org/2015/renderabstract.html...

Articles abstracts

Arranged by chronological order


189 : Rosetta, in search of our origins

Author : Philippe Gaudon

Rosetta is a double observation project of a comet: the orbiter remotely observes the comet's development according to its distance from the sun, and the Philae lander observes from a position on the surface.

P. Gaudon will show why 20 years were needed to reach the comet Churyumov-Gerasimenko, how activities have been conducted since the arrival in the surroundings of the comet in 2014, and what the first important scientific results provided by the numerous instruments of the 2 probes are.


146 : GÉANT Association NRENs for Campuses

Author : Peter Szegedi

Supporting the global higher education and academic research community with networking and other value added services above the net is the key mission of the European Research and Education Networking (NREN) organisations gathered under the GÉANT Association. Campus Best Practice is one of the flagship activities funded by the European Commission under the GÉANT project. It collects best practice documents and disseminates them to campuses covering various technical areas relevant to them. eduroam is a network access service that supports student mobility across campuses and it is part of the broader federated identity work of the GÉANT Association. Simple guidelines for implementing successful federated login to web-based services are also available for campus IT administrators. Discovering cloud service offerings not only at your home NREN but from other NRENs and industry partners is just as important as sharing knowledge and expertise on cost-effective data storage infrastructure deployments and file based sync & share services facilitated by the TF-Storage task force. A brand new activity related to real time communications and multimedia management has just started in GÉANT that brings together traditional video conferencing, WebRTC technology and Open Education support services for the benefit of the collaborative teaching and learning ecosystem. This tremendous knowledge is all available in a fully open fashion for universities and campuses powered by GÉANT.


56 : OwnCloud Implementation in the University of Lorraine

Author : Benjamin Seclier

The University of Lorraine observed that many teachers-researchers use synchronisation and services like or Drive. To ensure the confidentiality and to conserve scientific and technical data, we decided to provide this kind of service in our university. After studying several synchronisation/file sharing solutions, the ownCloud software was selected and deployed, experimentally at first (end of 2014), then made available to all staff in September 2015. In this communication, I will present the different steps of this installation in our university:

1. the installation of the required infrastructure for this service. I'll explain the detail of all our servers and some choices we made about sessions storage, logs centralisation, etc.;
2. the presentation of ownCloud's plugins ("apps") used in our establishment;
3. how we decided to open our service step by step in order to reach 7000 persons;
4. the tools created for this opening (the full documentation, video tutorials, survey, etc.).

Some numbers will be used to illustrate my presentation (average quota among others).


132 : My CoRe, File Sharing and Nomadism

Author : David Rousse

Background

Since the end of 2012, the National Centre for Scientific Research (CNRS) has offered laboratories specific services (http://ods.cnrs.fr/) that are adapted to research tasks and their security constraints: Secure Cloud (virtual servers, secure web site hosting, raw data storage), Integrated Messaging, CoRe (multi-control collaborative portal), My Com (individual video conferencing).

A new service, My CoRe (http://ods.cnrs.fr/mycore.html), based on the open-source software ownCloud (https://owncloud.org/), has enhanced this offer. It allows agents working in CNRS units to:

* exchange files with other people private or personal partners from the world of research with flexibility,
* share and synchronise large files in an area that is accessible from any location with an connection (roaming), with any type of platform,
* ensure simple and secure safeguarding of professional files.

Presentation Details

This presentation at the 2015 Network Conference (JRES) aims to detail the way this service was built and the areas of satisfaction but also the difficulties encountered. The following topics will be addressed during the presentation:

* pre-project, highlighting a reflection on the status of the art and the functional needs that have emerged from the situation;
* feasibility study, focusing on load tests conducted and the technical pre-framework that followed;
* implementation of the solution, focusing on the functional and technical details underlying this service;
* pilot phase and its resulting feedback;
* current status of the project and future developments.


178 : Synchronize and Share Documents With Seafile

Authors : Vincent Lucas, Éric Laemmer, Simon Piquard, Alain Heinrich, Pascal Geoffroy

This year, Strasbourg University has set up a new service to provide file syncing and sharing facilities. This service is based on the "Seafile" software and currently hosts more than 10000 users and 2 TB of data.

This paper depicts the project realization and evaluation.

First, the article explains Seafile mechanisms, such as client main principles, client-server communication and the deployed architecture.

Then, we describe the account management process. For example, we detail the guest account management process, which enables collaboration with external members from the Strasbourg University.

Finally, we evaluate Seafile functionality, management complexity and performance. To this end, we analyse common use cases and our feedback experience.


66 : FG-Cloud: Community Science-Based Distributed Cloud

Authors : Jérôme Pansanel, Mohamed Airaj, Catherine Biscarat, Nicolas Clementin, Christine Gondrand, Sébastien Geiger, Vanessa Hamar, Michel Jouvin, Vincent Legoll, Sha Li, Charles Loomis, Matthieu Marquillie, Jean-Marc Pierson, Matthieu Puel, Geneviève Romier, François Thiebolt, Andrei Tsaregorodtsev

The scientific interest group (SIG) France Grilles, initially focused on grids and storage, now offers services based on IaaS ''.

By integrating the latest technological advances, the group offers a service that meets changing needs for processing scientific data, particularly in terms of elasticity and flexibility.

As a result, France Grilles has developed a federation of IaaS clouds, based on the principle of sharing and pooling expertise, bringing together resources (calculation, storage, network and human resources) supplied freely by various participating sites, imposing as few constraints as possible.

In the first section, we will present the features of the infrastructure:

* the sites and the human network behind the infrastructure
* the technology used
* the services in production
* hosting of new participating sites
* integration at the European level and EGI certification

The second part will give details of a number of examples of using the infrastructure, and in particular the lessons we have learned from the Cloud Challenge, a full-scale infrastructure test by an expert user.

We will conclude with how to access the France Grilles Cloud and the various services offered to users:

* Cluster instantiation (calculation, storage, network) on demand
* Support (training, advice, help)
* Documentation
* Developments (in terms of Cloud instantiation)
* Link to EGI's federated Cloud


4 : Multiplatform for / Windows / Mac OS X - Feedback

Authors : Patrick Kocelniak, Simon Nieuviarts

Adeline is a student in class 1A. She bought a Windows laptop for her studies. Grégory is a teacher. He's a geek who loves adding experimental bits and pieces to his Linux distribution. Yves is also a teacher, but like most of the teachers at the school, he has a laptop running Mac OS.

At school or at home, using their personal computer, Adeline, Grégory and Yves connect to https://pcvirtuel.ensimag.fr using their web browser. A page appears and they begin working on a virtual Linux PC that is identical in every way to the Linux used in the school's practical work classrooms. They can therefore be sure that the programmes they prepare for practical work will run perfectly on school computers. Without affecting the installation of their personal computers, they can use the software installed at Ensimag as well as their documents.

For three years, the IT service at Grenoble INP - Ensimag has been studying two predominantly Linux-based virtual PC solutions: Neocoretech Ndv (in production for three years) and Redhat Rhev.

Providing feedback on this software, the following themes will be discussed:

1. Virtualising workstations: what are the needs, aims and challenges?
2. What production infrastructure should be chosen and what is the cost?
3. Reality test: what are the positives and negatives?
4. Demonstrations: user side and administrator side.
5. Determining criteria to use in order to move towards and choose a virtual workstation solution.


28 : Microlinux: a Solution for Desktops Virtualization

Authors : Nicolas Hordé, Eric Trezel, Stephane Rocher

Our solution involves cloning virtual machines from a central server to a group of clients in compliance with criteria defined beforehand using a dedicated interface.

Microlinux includes:

- a server ( 14.04.2LTS):
  - a database that includes VM deployment information (PSQL)
  - several scripts that enable multicast VM deployment (Python, Bash)
  - a PXE start-up/installation system for Microlinux (TFTP/HTTP)
- an administration interface coded in Jython, which runs in a Java machine, and is multi-platform: here, administrators choose the various criteria that distinguish between the computers to which virtual machines will be cloned as well as the users who will be permitted to use them.
- an oVirt hypervisor that allows users of the solution (teaching staff) to prepare VMs.
- clients based on Wheezy, bootable from the network (PXE) or from the disk after installation: end users (students, administrators) see an interface (WEB/HTTP) at their workstation, generated by the various criteria chosen by administrators. They can access virtual machines, RDP/SPICE connections or web pages.

This solution allows different operating systems to exist on the same workstation and enables batch reinstallation even if users are working on another virtual machine. It is then easier to reinstall workstations, making computer stock management more dynamic, therefore enabling previously dedicated rooms to be used for all purposes. It is then also possible to run several operating systems at the same time (practical work on 'networks').


108 : Implementing a VDI Solution Based on Dell Workspace

Author : Eric Bisgambiglia

There is a vast range of offerings for Virtual Desktop Infrastructure (VDI) implementation software. Dell V workspace (formerly Quest) has existed for several years. Since last year, this tool has been used in some classrooms and training rooms at the University of Toulon for various audiences.

I will introduce essential criteria considered during the selection of this solution: the type of virtualised systems, fixed stations, thin clients and operating systems likely to accept the agent, the ease of installation and implementation, and financial considerations. I will continue with technical prerequisites to follow regarding networks, servers/hypervisors and computer stations required for this device to function. I will briefly discuss the advantages that such a product offers in terms of user assistance, and also for formatters and end users. I will finish with a practical example of creating a pool of virtual desktops, including concepts and notions specific to this product.

In conclusion, an objective assessment after one year of use will be established, showing the status of this solution’s benefits, but also its constraints and limitations in certain areas.


179 : Advanced Virtualization of Windows Workstations Under Linux KVM

Authors : Jean-Marc Liger, Julien Joubin

This article presents a report on the virtualisation of Windows 2008/2012 servers and Windows 7 workstations in a professional environment.

After a brief overview of the reasons that led to choosing the Linux KVM hosting solution, we will discuss the various steps that result in a functional solution for the Windows guest OS, in particular the performance optimisation we can carry out on the environment, thanks mainly to the paravirtualisation drivers provided with the SPICE protocol.

We will then examine how to use this solution to implement a system for sharing data between the host and the guest, to perform guest command line backups from the host, and, as a result, to easily manage Windows updates without having to worry about blue screens. At this stage, we have all the elements we need to quickly implement a disaster recovery plan that is simple and robust.

Going further, we will examine the QCOW2 storage format, which permits both data compression and support for Copy on Write mode. We will then discuss joint PXE implementation of a client root using NFSROOT for diskless distribution of VMs in the university's classrooms.

Finally, we will examine the advantages that the RDB/Ceph distributed file architecture offers when implementing a Business Continuity Plan.

We will then have introduced a simple and robust solution, offering a wide range of possibilities, but offering in particular regular and long-term updates, all for a low ownership cost.


92 : Security, 10 Years Later

Author : Benoit Moreau

Ten years after the first regulatory texts, the context and challenges of IT system security have changed radically.

In 2005, cyber-threats were science fiction, and the issue of system security was highlighted in order to reassure users in the face of the novelty of remote government services. Today, attacks take place on an almost daily basis, and so we must close ranks to protect the many systems that have become essential for our tasks. Loss of control over IT systems is increasing (BYOD, cloud, etc.), attacks are becoming more sophisticated (APT), challenges are becoming more widespread (criminal behaviour, spying, connected objects, etc.), and the overall view is becoming more complex, with governments that act as 'regulators' and aggressors simultaneously. At the same time, several scientific studies show that the key actors must continue to grow while product robustness and IT system security investments still do not meet requirements.

IT systems are becoming e-giants with feet of clay, subject to regular attacks, and major incidents will occur. We must now adopt and organise suitable measures in order to increase IT systems' robustness and ensure their resilience.


48 : Security Compliance Process for the Siham-PMS Teleservice

Authors : Philippe Bader, Cedric Servaes

From April 2015, Amue (Agence de Mutualisation des Universités et des Établissements; the French pooling agency for universities and institutions), which specialises in designing software solutions for higher education and research institutions, has offered its members a product to manage its payroll and jobs: Siham-PMS.

The Siham-PMS teleservice is built on the ScénarioRH software from publisher AllShare. It is deployed via Citrix and runs in SaaS mode. The servers are hosted with a provider (BULL). User access takes place via a VPN, which can only be accessed from the RENATER network.

Because of its status, Amue is obliged to ensure that its teleservices comply with RGS (the general security database drawn up by the French government), and certification is therefore required.

To achieve this, Amue has enlisted the services of an IT system security auditor (PASSI) certified by the French national agency for IT system security. The support provided had a particular focus on creating a security document and preparing for the certification committee.

This report will include a quick overview of Amue's IT system security policy followed by the context and the certification procedure implemented, and more specifically:

- Project launch (project team, scope, planning)
- Risk assessment (study of the context, impacts and security requirements)
- Technical audits (intrusion tests)
- Inventory of security measures (interview, documentation analysis)
- Developing the security document (reports, FEROS method)
- Certification commission (preparation, development and monitoring decisions)

Amue will share its experience and give a few tips on how to avoid pitfalls and successfully receive certification.


142 : Trusted Certificate Service : The RENATER Certificate Service

Author : Marc Turpin

Since 2005, the French telecom network for technology, education and research (RENATER) has been offering X.509 certificate services to its community. The goal of this service is simple: to provide institutions with "pop-up free" X.509 server certificates, which are issued from a certification authority that is recognised in browsers.

This service is changing to adapt to the educational and research community's requests and expectations. Through the association GEANT (a merger between TERENA and Dante), RENATER chose the company DigiCert to operate the TERENA Certificate Service (TCS)'s new Certificate Authorities (CAs). DigiCert is a major participant in the CA/Browser Forum, the Internet Engineering Task Force (IETF), The Americas Grid Policy Management Authority (TAGPMA) and the European Policy Management Authority for Grid Authentication (EUGridPMA). This choice allows for extension of the range of available certificates, simplification and acceleration of validation processes and provision of a more ergonomic portal.

When the service first launched, there were only server certificates. But in the last few years, the service has expanded to include personal certificates and code signing certificates. It has now become TERENA Certificate Service and 29 European NRENs benefit from this service.

Since July 2015, this new version of the TCS has offered the possibility to encrypt client/server communications, sign e-mails, encrypt e-mails, sign documents, authenticate and code sign.

In France, 338 institutions have subscribed to the TCS service from RENATER.


187 : A Feedback on the Design of a Strong Authentication Solution

Authors : Dominique Alglave, Pascal Colombani

In IT systems, access is secured by authentication. This application security component is highly vulnerable when used in conjunction with a single sign on (SSO), as it can spread a vulnerability to the entire federated domain.

The French Ministry of Education has developed a model of an enhanced authentication solution, chosen from a previous study (see The state of the art on enhanced authentication), to validate the concept, its integration, its security level, its user-friendly level, the enrolment and organisational processes... This solution should be less vulnerable to phishing and keyloggers than a simple password protection, without strong authentication constraints and physical media deployment complexity.

The Ministry has chosen to develop its own solution using a dynamic grid. This solution does not rely on a physical device, does not require plug-in installation and uses a pattern which is difficult to transmit in case of phishing. The principle is that the user knows a secret pattern in a grid and is challenged with a grid containing random numbers or letters. The overlay of the pattern onto the random grid creates a One Time Password (OTP). The authentication is strengthened with the use of an additional 'pin' code entered before or after the OTP.

The model trials connections to RADIUS, SAML V2 and OpenID Connect clients to test uses for various purposes (Web SSO, VPN, user workstation, etc.).


112 : Setting up an OpenStack Based IaaS Platform at Lille 1 University: Feedback

Authors : Xavier Buche, Mohammed Khabzaoui, Sébastien Fillaudeau

Nowadays, the new paradigm of cloud computing is all the rage. Everybody talks about it, but very few know the ins and outs of its working. And that's the consequence of one of its expected features: to be opaque. The user doesn't have to know the details of its implementation.

This talk is intended for system administrators as well as interested computer scientists, with the aim of disclosing the intimate machinery of a cloud and presenting it from an unusual point of view: the inner side. Its goal is to show how an Infrastructure (IaaS) kind of cloud platform has been set up at Lille 1 University.

Like the public clouds, this platform isn't designed for a specific use, and the points raised in this presentation are independent of that use. However in a first phase and as a testing target, it is actually mostly used for teaching (student projects, lab works, etc.).

This project is separate from the France Grilles cloud hosted in Lille, dedicated to scientific computing and also based on OpenStack.

We will cover the following topics:

- the needs
- the choice of OpenStack
- the hardware
- the implemented components
- the main configuration choices
- the main obstacles
- the outcome


182 : How to Add Salt Everywhere (or How to Salt your Infrastructure)

Author : Aurelien Minet

Automation needs are becoming increasingly significant: new practices and requirements are coupled with an increasing workload and decreasing staff numbers. Alongside this, the system administration landscape is changing, particularly due to innovations meeting the needs of web giants; containers and everything that is 'software defined' are typical examples. To help support these technical and cultural developments, and in particular for their full-scale development, new tools have been created. Configuration management solutions such as Puppet or Chef quickly come to mind. But ultimately, more is needed, in the sense that, on principle, it is necessary to define and by extension, perform controls, checks and possibly corrections, not forgetting that coordination may be required when there are several tenants.

The 'new kid on the block' in this field is SaltStack. Some might describe it as a configuration management tool, but it is more than that. In addition, some players use tools such as Puppet alongside it, as it covers other fields. It sets itself apart from other solutions because it uses a remote execution framework and, to achieve this, contains a bus. After describing SaltStack and explaining how it works, this article will present the possibilities offered by this tool through its various facets and use cases to highlight the power that users can benefit from. The article finishes by answering the question "how can SaltStack help me?", giving practical examples (installing an Oracle Database, configuring HAProxy, WiFi terminals, Kaspersky, etc.).


100 : FranceConnect : Universal Access to Online Services

Authors : Anne-Hélène Turpin, Laurent Voillot, Eric Heijligers

In mid-2015, the Interdepartmental Directorate for State ICT Systems (DISIC) will offer users an identification system that is recognisable by all French civil services and the partners subscribed to this system, which also offers online services. This system is the 'FranceConnect' project. The purpose of FranceConnect is to simplify the relationship between users and all civil services.

The Family Allowances Fund (CAF), social security, city council, higher education institutions, etc.: To manage tasks across various civil services, users juggle a variety of digital identities. With each login they must remember user names and passwords, and when they sign up with a new civil service, they must create a new account. Although these tasks are carried out with different organisations, users are actually working with a single entity: the government.

FranceConnect will offer an identification tool that is recognised by all the available digital public services in France, including services accessible to students in higher education institutions through the Education-Research federation (fédération éducation-Recherche) operated by the French telecom network for technology, education and research (RENATER). Far from replacing different public identity providers, FranceConnect aims to unite accounts. Therefore, neither user account centralisation nor unique digital identity systems will be imposed; the user will be free to choose the accounts he wishes to use for other civil services.


140 : Constitution of an Identity Repository (Campus Best Practice 2014)

Author : Alain Zamboni

With the proliferation of authenticated services offered to the largest possible number of users, identity management has become its own separate entity that is widespread in our information systems (IS). At the 2014 session of Campus Best Practice (CBP), a GEANT project led nationally by the French telecom network for technology, education and research (RENATER), an inter-institution task force focused on this theme.

The result of this work took the form of a guide of best practices to create an identity repository, with the aim of creating a solid foundation to understand more advanced topics in the future (centralised group management, identity federation, etc.). It is now publicly available on Renater's website. Although it is mostly aimed at institutions wanting to get started with centralising their identity management, this guide is also of interest for institutions that are already more advanced. In it, they can find tips to resolve certain problem areas.

This presentation aims to summarise the key points of the document. The following items will be discussed:

- a definition of the perimeters of identity management within an information system, defining IS elements that they put to use and their interactions;
- a proposition of functional identity repository architecture on two levels: individual management and account management;
- a methodology to establish an identity repository within its IS, describing steps to follow and questions to ask;
- more in-depth advice on identity provision and user account management.


103 : Implementation of a Common Repository of Individuals Throughout a Region

Authors : Philippe Depouilly, Boris Doucey, Karen Raynal

As part of the establishment of the Aquitaine Digital University (UNA), one of the regional digital universities in France, a Master Plan (SDNA) was created to define a group of 31 projects focusing on 4 themes. These projects aim to promote increased use of information and communication technologies within higher education.

Here we will speak in more detail about the project 3.8, that aims to provide higher education institutions in Aquitaine with a common repository of individuals. Initially started in 2011, this project was based on recommendations obtained from an external study. According to the institutions, the recommendations were too restrictive to be feasible.

In 2012, a new project leader was announced and the objectives were further discussed with all the partners (IT departments from research and higher education centre [PRES] partner institutions). The repository was launched in June 2014. The main goal has been achieved; it is used by two-thirds of institutions and individual users number approximately 90,000 people of the 120,000 expected.

For its achievement, the technical decisions will be developed as follows:

- sufficiently easy data modelling to be rolled out over time
- an initial import phase from various institutions and removing duplicate individuals (in the context of Bordeaux universities merging)
- selecting REST/JSON API and Webservices technologies on top of Java/Spring/Hibernate

We will also present the status in 2015 through a few usage statistics as well as an assessment of this solution based on the experience feedback from the University of Bordeaux.


13 : CASShib or Why I Shibbolethised my CAS

Authors : Olivier Adam, Sébastien Simenel, Fabien Berteau

Perhaps you have already wondered how to migrate an entire set of applications and delegate their authentication to a CAS server in an identity federation in a single step.

The Rennes Academy IT department asked itself this question in September 2011. Until then, it had been using the 'toutatice.fr' digital workspace for all key players in primary and secondary education in Brittany. The CAS server is the solution adopted to authenticate users from all digital workspace (ENT)-integrated applications and to communicate identification of one application to another in the event of using a web service (CAS proxy). Approximately 30 applications were then configured or adapted to be CAS-compatible.

In September 2011, the framework changed: the Brittany region and the academy partnered together and committed to open the ENT to exterior individuals. The Toutatice ENT and all its applications must now pass through a service provider to implement identity federation. The unitary reorganisation of applications to be SAML2-compatible depends on the availability of internal and external operators. The schedule is not easy to manage! We are therefore choosing to implement a SAML2-to-CAS bridge to simplify this transformation... 'SAMLifying' a CAS server, if you will.

We will present the CASShib solution: its advantages and disadvantages, as well as possible developments to it. We have been using it in production for nearly three years and handle 70,000 authentications per day. It has allowed us to federate an entire digital environment with identity providers.

174 : INRIA Service Desk and its Tools

Authors : Jean-Denis Séméria, Denis Buffenoir, Elisabeth Verplanken, Daniel Terrer, Hassan Qamar, Philippe Lecler

The Inria Service Center and its tools

After the reorganization of its IT services, Inria decided to rationalize and align the support for its Information System (IS) provided by different teams located across its 8 research centers and its headquarters. We are now giving our feedback on this project.

We created four working groups to select the helpdesk tool and define the processes, the catalog of services and the future organisation. From the beginning, we decided to base our approach on the well-known ITIL v3 library of good practices.

We started working on the first software component. We set up a unique helpdesk tool to provide a single point of contact and manage all the user requests about the Information System of Inria.

We had to go through intermediate key steps before reaching this result: we defined the catalog of services, we described the processes and we built the technical solution; then we trained people on ITIL and on the solution.

This approach led us to define a new organization of the support: we built a distributed center of services based on the existing responsibilities, for cooperatively managing the support. It is based on a set of common processes, good practices, and tools.

105 : Services catalog, 3 Viewpoints on its Implementation and its Life Cycle

Authors : Christophe Saillard, Eric Sand, Yannick Monclin

With major changes experienced by our organisations in recent years (mergers between institutions, research and higher education centres [PRES], university and establishment communities [COMUEs], conversion to IT departments, etc.), IT teams had to reorganise and change their operations, often along with expansion and diversification of the complex perimeters to handle.

It appears that the service catalogue was the tool implemented by three universities (Lorraine, Reims Champagne-Ardenne and Strasbourg) to approach multi-level conversions: in relationships with users; in the development of internal organisations; in the migration from a technical culture to a "service" culture for IT engineers; in modifications to the IT system related to the structuring nature of the services’ content.

The presentation will therefore explain expected and achieved goals, implementation methods and catalogue life cycle via concrete examples from different institutions regarding: size and organisation of IT teams; context during catalogue implementation; goals achieved; current assessments.

Finally, we will explain the expected medium-term perspectives from our institutions to introduce new conversions.

43 : Best Practices for Securing BGP

Author : Jerome Durand

BGP (Border Gateway Protocol) is the de-facto Internet routing protocol. It makes it possible for autonomous systems to exchange their routes dynamically while keeping a very high level of control of what is announced. Best practices must be followed to keep a reliable and secure environment: router security, TCP hardening, control of routes being exchanged, control of AS Path, communities... While many documents have been created over the past years, there was a lack of a global view validated by a community of experts. This situation has changed since early 2015 as best current practices have been published in RFC 7454: « BGP Operations and Security ».

In this article, the main author of RFC 7454 presents the main aspects of this document. As a former operations manager of RENATER, he details which aspects of the document best apply to the French education & research community.

119 : Multi-Domain Virtual Private Network : a Seamless Infrastructure for Regional Networks and NRENs

Authors : Xavier Jeannin, Sebastien Boggia, Jean Benoit, Benjamin Collet, Christophe Palanche, Alain Bidaud

Research and education network operators offer layer 2 and layer 3 VPN services. These services are difficult to implement, as the service must extend beyond a regional or national network (NREN). This is the type of problem that the new network service Multi-domain Virtual Private Network (MD-VPN) resolves.

MD-VPN is a seamless multi-domain infrastructure capable of delivering a variety of network services: point-to-point and multipoint L3VPN (IPv4, IPv6) and L2VPN.

MD-VPN is a very flexible service: it allows for quick release of VPNs; only one local configuration at the ends is necessary (in the regional network); no configuration is necessary in the networks crossed (RENATER, GEANT, other NRENs).

As of 1st March 2015, MD-VPN is used in 15 countries in Europe. This already means excellent connection possibilities between 457 access points in Europe potentially to be used for our users’ projects. Additionally, in the event that the service is not locally available, it is still possible to connect via a VPN-Proxy.

MD-VPN is an excellent tool to develop French regional networks, OSIRIS and SYRHANO being pioneers of this domain (institutes spread throughout France, shared hosting of large equipment, computing tables, cloud, etc.). International VPNs aim to provide technological support to international partnerships, which are now very common in the scientific world.

Based on proven standards and technologies (RFC 4364, 3107), MD-VPN is supported on many routers. Its roll-out requires no investment cost, and operating costs, for their part, are significantly reduced.

45 : SDN for Dummies

Author : Jerome Durand

SDN – Software-Defined Networking – is certainly the hot topic in the networking world these days. It is almost impossible to find an article, a tweet, a blog post or a conference without these 3 letters, which seem to be the solution for everything in our networks. Amid such agitation, network admins are most of the time lost, and that also applies to the research & education community. What is SDN? What is OpenFlow? What does it bring to me? Is it something that will stay in researchers' labs? Isn't it a new technique manufacturers are using to sell their latest devices?

This article is a simple presentation of SDN, so that everyone can make their own judgement of this latest network evolution.

115 : NFV / SDN: a Hybrid Approach

Authors : Xavier Jeannin, Frédéric Loui

The SDN (Software Defined Networking) concept relies on decoupling the communication plane, which is local to the network equipment, from the control plane, which becomes remote, enabling centralised network management. The main result is that the network becomes programmable and may be coupled with users' business applications.

Network Functions Virtualisation (NFV) proposes extracting network functions from dedicated equipment and running them in a virtual environment. For network operations, NFV is an opportunity to offer services with more flexibility, and is capable of very high-scale operation but above all, it does so more quickly by using the intrinsic properties of virtualisation.

Some services ensure specific functions that can be concentrated on certain points outside of the network, such as the DDoS suppression function. As a result, user traffic must be able to be rerouted from its path and sent through these services for specific processing: this is known as "service chaining". With a view to standardisation, the IETF has set up a task force for service chaining, which relies heavily on SDN and NFV.

Data centres are already implementing this service arrangement for their users. In the area of WAN, the constraints are different and, although they have not yet been completely resolved, they are already partially being handled by data centre interconnection techniques and especially by Ethernet VPN.

170 : Network Infrastructure Scalability for Virtualization With VXLAN

Authors : Benjamin Collet, Christophe Palanche

The Information Technology Department at the University of Strasbourg hosts over 600 systems spread over one hundred KVM hypervisors. History and the constraints imposed by applications hosted on virtual machines led to splitting them across over one hundred networks, most of which are protected by firewalls operating on the OpenBSD system.

To facilitate migration of virtual machines from one hypervisor to another, these networks must be made available in all computer rooms and on all hypervisors, across all equipment. We have reached the limits of this solution, which, although it is functional, places a substantial burden on the various equipment and makes it difficult to configure the hypervisors.

First, we present the different solutions studied, as well as the reasons why we selected VXLAN to solve the problems we were facing. Second, we explain the operating principles of the protocol and the implementation procedure for our current virtualisation environment, as well as on the cloud computing platform currently being developed. We also explain the impact on network infrastructures.

To conclude, we present the possible changes in this architecture in the framework of the arrival of our data centre and the emergence of new technologies such as Ethernet VPN.

120 : Interconnect: EVPN

Authors : Xavier Jeannin, Frédéric Loui

The use of data centres (DC) is an essential support component for research and educational activities. Needs in terms of computing and storage are continually increasing. This growth and the emergence of virtualisation technologies create new needs for interconnecting these DCs in terms of functionalities (VM mobility, etc.) but also in terms of scaling to introduce new network architectures that will allow the production of resilient mobile applications.

The IETF's RFC 7209 "Requirements for Ethernet VPN (EVPN)" analyses new needs of DCs and the limitations of VPLS. RFC 7432 "BGP MPLS Based Ethernet VPN" addresses the needs explained in this analysis.

The main idea of EVPN is to perform MAC address learning through BGP. EVPN is not just an operator protocol. Numerous network architectures can be established: EVPN in a DC (particularly for extending the layer 2 service to the operator), EVPN in an operator backbone and even EVPN directly between multiple DCs. In this last example, VXLAN is used as a data plane replacing MPLS and functions natively on IP; the operator is therefore completely transparent.

EVPN benefits from substantial support from major manufacturers. Currently there are several variants (EVPN, EVPN PBB, NVO, etc.). Network Virtualisation Overlay architecture is one of the most interesting with the possibility to dynamically create virtual networks for each user from hypervisors or ToR (Top of the Rack) switches from DCs.

34 : From the Smartphone to the Refrigerator : the Password Great Escape

Author : Serge Borderes

Passwords, a well-kept secret... or an open secret known by a huge number of programs and connected devices. All of these devices, starting with smartphones, started off in our private lives and are gradually invading our professional environments. The online offerings from Internet players also provide users with alternative solutions, requiring that our IT systems be compatible. This technological trend has major repercussions on the security of our IT systems as it increases the risk of passwords, often services' only defence, being leaked or compromised. Nowadays, you need to be very clever indeed to know where users' passwords are. Maybe they're in the fridge.

In a hyper-technological and hyper-connected era, passwords are showing themselves to be increasingly archaic. It is as if we wanted to talk about road safety while our cars, packed full of electronics and racing along at 70 miles an hour on the motorway, had wooden cartwheels! This is a major challenge, requiring us to maintain protection for our digital professional lives while retaining the ability to take advantage of the best new technologies that are bearing down on society.

Firstly, we will examine how authentication using simple passwords for online services promotes the use of personal material as well as scattering and loss of logins. Secondly, we will focus on the method we trialled at CENBG in order to reduce the risks caused by the sacrosanctity of passwords and to restrain their uncontrollable spread.

152 : GÉANT : Helping International Researchers to Adopt eduGAIN

Author : Thomas Bärecke

The big research communities do not stop at national borders. However, the setup of authentication and authorization infrastructures (AAI) by federated identity management has long been limited by these borders. For some years now, GÉANT’s eduGAIN service has extended the reach of AAI infrastructures to the European level or even worldwide, but its implementation for specific use cases remains complex and difficult. The main objective of the task «Enabling Users» of GÉANT is to assist research communities in this process and to help them satisfy their AAI needs with the available technologies. In this presentation, we will detail the objectives, the chosen approach and the results obtained so far during the work with several research communities. We will finish with a future outlook for the recently started project GÉANT4.

85 : IdP Hosting by RENATER

Author : Anass Chabli

RENATER, the National Research and Education Network in France, is offering a new service of hosting identity providers (IdPs) for members of the RENATER community. This service aims to simplify access to federated resources for small organizations.

Currently, to use resources of the research and education network, for example services provided by RENATER (Universalistes, anti-spam platform, FileSender, etc.), an organization needs to join the RENATER identity federation by deploying their own identity provider. Small organizations are discouraged from this deployment because of budgetary, technical or organizational reasons.

With IdP hosting as a service, the identity providers are deployed, configured and hosted by RENATER. All the technical aspects (monitoring, updates) are included in the offer. If needed, the service also includes the hosting of an LDAP directory. The organizations have access to it through a web interface that allows the organization to add and define access roles and attributes for multiple users. Various methods and tools have been used to ensure the continuous availability of the service. Managing updates has also been taken into account to ensure a great quality of service (bug fixes, security updates, use of the new features of the IdP ...).

181 : OpenID Connect, the Future of Identity Federation?

Authors : Nicolas Romero, Pierre Sagne

The French national education system will soon have used identity federation for ten years. Ever since the beginning, the aim was to build on standards, and SAML federation infrastructures have been rolled out in all production centres. This choice has naturally led to the interoperability of the national education IT system. All specialised internal federations have gradually been structured to move towards a hub federation model, allowing it to open up to the outside.

As a result, over time, the national education system has gained maturity on the topic and has upgraded its architectures and processes. However, it is now dealing with several challenges that 'traditional' identity federation is not capable of overcoming: a diverse range of audiences, linked to the need to include students, parents and staff, the multiplication of digital identities and the technological breakthrough introduced by mobile technology.

OpenID Connect, an authentication overlay based on the OAuth2 protocol, appears to be a good candidate in addition to, or even as an alternative to, SAML that allows these issues to be taken into account.

This article describes the federation model used by the national education system and its limits, then introduces OpenID Connect. It also presents the use case of integrating parent/student windows into France Connect, the French government's authentication system that is currently being trialled. This allows the SAML-based approach to be compared to the OpenID Connect-based approach, and to put the changes to the national education system's federation model into perspective.

89 : “Rendez-Vous”: Web(RTC) Conference as a Service

Authors : Franck Rupin, Emil Ivov

Over the last decade, video conferencing services were often deployed in the form of Multipoint Control Units (MCUs) using the SIP or H.323 protocols. These deployments have reached a moderate level of popularity and have satisfied some common use cases within the Research and Education (R&E) community. Most of them however have been sharing the same constraints:

- High cost
- Problematic usability
- Deployment complexity
- Lack of diversity

The Jitsi Videobridge Selective Forwarding Unit and the accompanying Jitsi Meet web application appealed to RENATER as a unique opportunity to achieve one specific objective: bringing affordable video conferencing services to the masses!

77 : Operating a Mailing List Service: Best Practices

Authors : David Verdin, Laurence Moindrot, José-Marcio Martins Da Cruz, Dominique Lalot, Luc Veillon

Mailing list services are omnipresent in education and research institutions and can no longer be deployed without complying with a certain number of best practices.

They carry a significant amount of critical information and they are strongly integrated into our IT systems.

This article presents the best practices collected by several listmasters from the education and research community and discusses the following points.

Messaging systems: as list servers are in essence message distributors, they must be built on optimal messaging systems.

Integration into an IT system: within a major institution like a university or a research centre, management of the mailing list service should be centralised and integrated into the IT system while retaining a certain amount of flexibility.

Use: as with all tools designed for end users, the mailing list service must be clear and up-to-date, and what it can be used for must be controlled in order to facilitate use.

Operation: because of its volume and critical importance, operating a mailing list service is sensitive and subject to significant limitations.

Computing and freedom: as they process and use personal data, mailing list services pose real problems in terms of the French law on computing and freedoms.

Level of service: organising a mailing list and the underlying technical mechanisms lead to a better level of service.

Note: all examples and illustrations in this article use the Sympa software.

58 : Video Archiving and Transcoding Platform

Author : Nicolas Carel

ENS de Lyon has produced video since the 2000s, mainly conferences, online courses and classroom observations. By 2015, broadcasting systems and file formats are now outdated. Increasing bulk storage of video files tends to become unmanageable.

To cope with this situation, we had to address those challenges by building a new archiving & transcoding framework. Goals were mid & long term storage, efficiency, adaptability & extended functionalities. I wish to share this original experience.

The following items will be detailed: free software based architecture, high bandwidth data storage management, silent data corruption, Grid5000 (OAR) based job scheduler, rich media processing, Dublin Core indexing, aged data import process.

I will close this paper with some data about costs & usages and evolution perspectives.

143 : Long-Term Preservation of Research Data from Humanities: a Feedback

Authors : Nicolas Larrousse, Marion Massol

Few structures today have experience and perspective on this new type of concern that is long-term archiving of digital data. This very particular activity must effectively be projected in temporalities that are quite different from the current very short life cycle, and general changes in the digital world. Making data durable in the long term is not limited to choosing a "good" storage technology; rather, it is a question of implementing a set of technologies connected to adapted procedures, but also of acquiring and developing new skills, such as expertise on formats and their development. We will present the issue and the solutions that are used today for this real need, focusing on our experience of data storage in Human Sciences and Social Sciences. The subject will be explored from different perspectives: The technical infrastructure to establish, the organization to plan based on the recommendations of the Open Archival Information System (OAIS) model, and taking into account regulatory aspects from the world of archiving. We will conclude by putting thoughts on today's digital data storage needs into perspective.

184 : GÉANT – Tomorrow’s Secure Research and Education Network

Author : Evangelos Spatharas

Information and system security isn’t a product that security experts can just research and buy off the market. Rather, security is an iterative process, more closely resembling a cat-and-mouse game between malicious users and “in-house” defenders. GÉANT is a leading security player which constantly battles what is called malicious activity using innovative approaches and tools. Adopting a strong security culture through frequent awareness training, GÉANT admits that it cannot tackle attacks alone. In that sense, GÉANT “cheats” by having all staff actively engaged as virtual members of the security team, which is always vigilant. An equivalent of vigilant is proactive. GÉANT makes use of an offensive security approach aiming to first identify and proactively remediate vulnerabilities before those are found by attackers. Regular vulnerability and penetration tests and auditing serve as a proactive defence measure for GÉANT. Deeper in the defence, the NSHaRP service resides, providing real-time automated alerts of different types of attacks to connected NRENs. Detection of the attacks is of course the first step of the defence. FoD is the next step, which mitigates attacks and recovers services back to their normal operation utilizing state-of-the-art technologies. In the same line with detection controls, various dashboard panels communicate the most actionable events at a glance, as indicated by system logs from the equipment residing within GÉANT. Using a diverse mix of concepts, security tools and approaches, GÉANT provides a unique multi-layer defence ensuring services can scale horizontally and vertically with virtually no restrictions. This presentation aims to demonstrate how all the defence layers tie together harmonically.

21 : Interpret your Flows with Znets2

Authors : Thierry Descombes, Jérôme Fulachier, Ismael Zakari Touré

ZNets is an innovative visualization software for addressing legal issues and improving the security level of local enterprise networks.

Znets can deal with all network architectures, IPv4, IPv6, 802.1q ... The data required for operation must be collected from the edge router of the LAN. The technology used is based on the collection and analysis of incoming and outgoing network flows. Znets is a NetFlow / IPFIX collector, but flows can also be acquired directly from a dedicated physical interface. Deployment is simple, regardless of the architecture. These flows are indisputable. They represent all the traces left during connections and connection attempts by network machines. Acquisition is completely transparent to the entire network. Consulting them is only possible for identified administrators, through a secure web interface (HTTPS, password, X509 ...).

The use of libraries and introspection allows the ZnetsV2 algorithm to correlate flows with geolocation and application-level information (even if the protocols are encrypted or operate on non-standard ports). Processing all these flows makes it possible to:
- store traces with a huge level of detail
- study network metrology
- identify attacks in real time
- view a complete inventory of machines

The correlation of metrology data with network flows, and of alerts with network flows, is simple (pre-completed forms, richness of information ...) and truly relevant. It allows an unequalled level of understanding of the local area network.

80 : Monitor a Laboratory Network With Suricata

Authors : Cyril Bras, Marek Bertovič

Si vis pacem, para bellum…

In the current context in which cyberattacks are becoming increasingly frequent, no structure connected to the Internet can avoid them. In November 2014, CERMAV was subjected to a successful attack on its institutional web server, interrupting service for several hours. The methods used by the hackers would probably have been detected more quickly if we had been equipped with an intrusion detection system (IDS). This is especially true given that a few weeks earlier, during the C&ESAR 2014 security days in Rennes, we had attended a presentation on an IDS, SURICATA.

It was all we needed to help us take the plunge and equip the laboratory IT facilities with this system. However, we quickly noticed that the data flow was difficult to process without a visual interface, which is why we tested several display solutions, which we will present to you (SELKS & SNORBY).

This tool quickly paid for itself by detecting machines compromised by malware and institutional websites using Base64 encoding to protect their passwords.

The aim of this presentation is to give an overview of the various software solutions we tested as well as their configuration. Secondly, we will present our feedback on the use of probes in recent months as well as possible future developments.

159 : PARTAGE : 2 Years Later

Authors : Laurent Aublet-cuvelier, Stéphane Igounet, Eric Inocente, Maxime Charpenne, Fanny Marcel, Jade Tavernier

PARTAGE is a SaaS collaborative messaging environment offered by the French telecom network for technology, education and research (RENATER) for education and research. Based on Zimbra software, this platform takes on numerous extensions to create an entire environment for collaborative work.

Two years ago, PARTAGE had barely launched, with several hundred users. Today, PARTAGE has tens of thousands of users. This article offers feedback on the life of the project and also presents experience feedback from an institution using PARTAGE.

First, we return to the life of the PARTAGE project during the two years that have passed. This part allows us to establish a progress report on the PARTAGE platform, both from a technical and organisational standpoint, as well as to look towards the future of institutions in production on PARTAGE.

The second part is experience feedback from the University of Avignon and the Vaucluse. First, we present how the university established (led change, documentation, etc.) and described the set of collaborative tools in its service catalogue, to make PARTAGE a collaborative tool suite. Second, we introduce the integration of PARTAGE in the university's information system. We begin by addressing the automation of user account management from repositories (academic and HR department), then we present two integration examples in the PARTAGE agenda: 1. schedule: automatic integration of personal schedules with Hyperplanning, 2. Information System Operational Management (DOSI) incident and maintenance management: automatic management of an environment with a shared calendar from our ad-hoc interface.

33 : A Decentralised Approach to Achieve Email Infrastructure Scalability

Authors : Jean Benoit, Christophe Palanche, Benjamin Collet, Vincent Lucas, Fabrice Peraud

The Osiris email platform has a long history. Starting in 2000 with a few hundred accounts, it currently hosts over 110,000 mailboxes and 26 TB of data.

This paper aims to explain the key phases of this new email infrastructure setup based on FreeBSD, ZFS, Cyrus IMAP and NGINX. First, we will introduce the different technical options we evaluated and the background behind the design decisions we made, in order to respond to performance and extension needs in the years to come. We will then detail the platform architecture and implementation, including deployment strategies. Finally, we will tell how the project was carried out and we will give some feedback on the first months of experience operating the solution.

106 : Zimbra for Bordeaux University : Deployment and Feedback

Author : Laurent Lavaud

At the end of 2010, three of the four universities of Bordeaux launched the process of creating a single institution named “la nouvelle université de Bordeaux”. Three years later, on January 1, 2014, “l’université de Bordeaux” was officially born.

In this context, many major projects were undertaken. One of them, managed by the IT Systems Department, aimed to merge the existing mail systems. The goal was to give users a single, efficient collaborative suite that facilitates exchanges: Zimbra.

We will see how, a year later, all the accounts had been migrated, that is, nearly 6000 people and more than 45000 students.

The article will detail the whole project, whereas the presentation will focus on the technologies and procedures chosen, such as the enterprise service bus RabbitMQ, the Django framework and the reporting tool BIRT.

15 : Feedback: Deploying a XiVO Solution of IP Telephony in the Institute of Molecular Biology of Plants

Authors : Magali Daujat, François Disdier, Jean-Luc Evrard

Faced with an outdated PBX, a building extension and the need for strong interaction with the University of Strasbourg, the Institute of Molecular Biology of Plants (IBMP) had to set up a new telephony solution. Helped by the complete modernization of the network hardware, migration to an IP telephony solution (VoIP) therefore seemed a credible alternative.

The importance of a dynamic and evolving solution was a key factor in establishing our specifications. For this purpose we chose a fully GPLv3 VoIP solution based on the free software Asterisk. Indeed, the institute had to anticipate the arrival of a large number of researchers and prepare the establishment of prevention measures for isolated workers, while ensuring the mobility of communications for research personnel.

When deploying the system, adding new features and administration were critical phases. These steps were successful thanks to the close collaboration between the management, the IT team and the integrator.

After three years of operation, we felt it important to share our experience: to flag the crucial points we faced, to showcase the strengths of the XiVO solution, and to show its evolving nature.

104 : Keys Escrow

Author : Bertrand Wallrich

Today, protecting sensitive (in terms of confidentiality) data means encrypting it. This solution is the most widely used. It can be seen in roaming, cloud computing, etc. But it introduces a new risk, related to cryptography: loss of the decryption key means definitive loss of data. This loss may seem like an insignificant risk for an individual, but it is serious at the organisation level, with significant damage possible. By definition, data that must be encrypted is confidential and therefore important data. Any attempt to solve this issue (plaintext data saving, recovery key and similar systems) adds weakness to the system itself, since it involves adding a possible decryption key, and the plaintext data is available somewhere... In some situations, these weaknesses would be acceptable.

As a solution, a generic term used in literature on this subject often comes up: secret keys escrow. To put it simply, it means placing a copy of the decryption key "in a safe place," just in case... But how can this be done without introducing a weakness into the system? How can one avoid placing all the keys in the same location? Should a few administrators be given all the rights? How can the keys avoid being encrypted themselves with another key without losing sight of the problem?

We will present a pragmatic and operational approach to escrowing keys, based on specific encryption algorithms, with interesting security features.

36 : Network Trusted Boot: Deciphering of Linux OS Transparent for the User

Authors : Pierre Blondeau, Davy Gigan

As part of the implementation of our laboratory's policy of systematic data encryption, we looked for a software solution that would allow systems to boot autonomously (without human intervention) while remaining tied to our infrastructure (systems won't boot outside our network).

Our solution addresses both servers and users' machines.

We wanted to comply with some requirements when encrypting our data:
- each system must have a different passphrase;
- no requirement to learn as many passphrases as encrypted systems;
- the ability to perform maintenance tasks without users being present.

For servers, the key benefit of our solution is that booting does not require an operator to be present to enter a passphrase.

For users' machines, entering a passphrase at each workstation boot up is often seen as a burden. Furthermore, for desktop machines that are not rebooted frequently, there is a significant risk for the user to forget the passphrase.

By design, our solution creates a pseudo-key escrow for each piece of equipment registered with the service.

The prerequisites are:
- Linux operating system with an initramfs boot method;
- entire disk encryption using LUKS.

Currently, the encryption client (in Python) is integrated into the cryptroot script used by the Debian and Ubuntu distributions to decrypt at boot-up.

Our solution is in place on over 300 machines.

64 : Contactless Mifare DESFire EV1 Cards

Author : Frédéric Pauget

Contactless cards are increasingly present in our environment. They have the advantage of being very simple for the user and providing a good level of security. Several technologies exist, but since the French body for coordinating university social services, CNOUS, switched from Moneo to Izly, one such technology will now begin to be used in a number of higher education institutions: Mifare cards.

The Mifare range includes several products, and we will focus more specifically on the most advanced version: the Mifare DESFire EV1. This type of card can store its own data in a secure and structured way. A single card can be used for a variety of applications without any problems, each of which is entirely independent of the others.

The presentation will feature the following points:
- an overview of contactless card technologies;
- Mifare DESFire technology: card settings, applications and files;
- reading from and writing to the card: tools used at Télécom ParisTech;
- feedback on the use of these cards at Télécom ParisTech since 2013: library, canteen, access control, centralised printing;
- future use in a multi-entity environment: Paris Saclay University.

94 : Feedback on the Attendance Control with Multiservices Cards

Authors : Gilles Taladoire, Philippe Olive

The University of New Caledonia (UNC) has implemented a multi-service student card, the SUP card. This project, which began in 2012, has been gradually rolled out for all services linked to the card: student card, borrowing from the university library, access control, student attendance checks, and payments.

We will present the origins of the project, its implementation and the problems encountered. We will then focus more closely on the student attendance checks carried out in the Science and Technical department and the University Technology Institute since the academic year beginning February 2015. This application links the Cocktail educational suite to Monécarte's Uniservices product, allowing student attendance to be verified by asking them to swipe their cards using readers in teaching rooms.

A tablet- or browser-based app allows the teacher to check and, if required, modify the student attendance record. Finally, we will present an overview of the experience from our first year: how it is perceived by students and teaching staff, the administrative benefits that result (presence of scholarship students, resizing groups for practical and directed work, improving student attendance and success?).

We will finish by discussing outlooks for improving interfaces and conditions, new possibilities for using this data and, finally, extending this to other UNC departments as well as extending the SUP card to other institutions in New Caledonia.

42 : An Attack Can Hide Another One

Author : François Morris

Through studying real but anonymised incidents, we will describe how to respond to an incident and to carry out a digital investigation. In order to illustrate our aim, we will use an example of a defacement that exploited a well-known and relatively old flaw in the SPIP CMS.

The analysis will reveal that there were two different attackers, with the second attacking as soon as the first published their defacement. We will show that in many cases, analysis does not require significant resources or a high level of expertise. A simple log search can suffice.

We will show that behind what can seem like a relatively benign defacement, the hacker fully compromises the system, hiding backdoors that allow them to re-enter the site with full control. We will describe the tools installed by attackers and how they can be detected. A vulnerability study will show that this is trivial to perform. We will see how lax server settings allowed the hacker, once access had been gained to the first site, to modify the other sites hosted on the same machine.

We will state some best practices to limit the risks of such incidents occurring, from applying corrective security measures to tightening settings. We will assess the impacts and consequences of the incident. We will also discuss the legal aspect, involving reporting the incident. Throughout the presentation, we will show that beyond this particular case, the same elements can be found in the many incidents of which we are aware.

44 : Robocert : Semi-Automatic Processing of Security Incidents Through Web Services

Authors : Jean Benoit, Guilhem Borghesi

Together, the IT department and the Osiris CERT deal with 600 security incidents every year. Such a large number of incidents is difficult to process manually.

The first attempt at automation was a simple script that simplified processing by bringing together the various steps of the process: opening an incident, collecting information, analysis, blocking the relevant IP address or account if required, tracking the incident, and closing the incident. This script already used a ticketing tool and a number of databases. Gradually, the idea developed to make the processing more automatic by using a structured representation of incident data in order to have a format that could be understood by a program. In collaboration with the RENATER CERT, incident notifications were transferred to us in a structured representation in IODEF format. To give a very simple explanation of how it works, our new tool, Robocert, decodes this format and collects as much information as possible to simplify the work of the operator who processes incidents.

This article describes the various structured representations currently used for security incidents. It also details how Robocert and the web services it uses work, and finally considers possible developments for this tool.

163 : Detection of Network Anomalies by Unsupervised Learning

Author : José-Marcio Martins Da Cruz

Network incident detection and flow filtering are usually done by devices implementing rules based on prior knowledge of what should be allowed or denied:

- authorized and legitimate accesses (all other accesses are suspicious);
- known malicious behaviours (all other behaviours are legitimate and accepted).

Rules are, most of the time, a combination of the two.

Both operation modes require continuous updates, are not perfect, and have advantages and disadvantages.

In the last fifteen years, we have seen the emergence of research aiming to detect anomalies in traffic without relying on this a priori knowledge. But these research products still remain in academia and are validated against synthetic data which, in our opinion, are not representative enough of real conditions.

With the aim of evaluating the usefulness of this kind of technique in our network administration environment, we built a prototype based on unsupervised learning (clustering), allowing packets to be grouped according to their similarity. The data analyzed come from a 'netflow' probe in a site entry router.

The results we have obtained so far show that, with simple heuristics, the most obvious positive result is a better understanding of what's going on in our network, and that trivial anomalies (scans and so forth) are easily identifiable.

32 : CERT OSIRIS: 2 Years Later ... What did They Become ?

Authors : Guilhem Borghesi, Marc Herrmann

Over three years ago, the University of Strasbourg and the Alsatian Delegation of the CNRS, the French national centre for scientific research, created a cross-disciplinary information security body: the OSIRIS CERT.

Despite its relative youth, the OSIRIS CERT has undergone challenges (internal audit on approaches to security incident processing), made fantastic discoveries (searching for weak passwords) and engaged in heroic battles (raising awareness among all users). It has also been on the front line for negotiations with governing bodies (IT system security policy, restricted access areas (ZRRs)) and has also taken part in international work ('Creating a University CERT' ('Création d'un CERT universitaire') CBP, NREN presentations in Sofia and Belgrade).

Now is the time to lay down our arms and to take a look back over the work of this organisation that, to our knowledge, remains unique in the French higher education landscape.

Come and hear the heroic tale of OSIRIS CERT's battles, war wounds and deeds of valour.

The presentation features:
- The initial battle plan
- Victories
- Current battles
- Defeats and retreats at the height of the campaign
- Long-term strategy
- The fight goes on!

37 : Building, Configuring, Deploying and Running Distributed, Peta-scale Data Analysis Software at IN2P3

Authors : Fabrice Jammes, Yvan Calas, Fabio Hernandez, Jacek Becla

The Large Synoptic Survey Telescope (LSST) will revolutionize astronomy. Equipped with the largest camera sensor ever designed for astronomy, the telescope will allow detailed observation of the universe on a greater scale than to date.

The instrument will conduct research from asteroid identification to the understanding of the nature of matter and dark energy. Operating from 2022 onwards, the processing of data produced by LSST requires computational power of tens of thousands of processors and several petabytes of data storage capacity per year. The program will run for at least a decade.

Celestial objects and their physical properties are identified and cataloged in a database which will eventually include trillions of entries. With a volume in the order of several tens of petabytes, this catalog will play a major role in the scientific exploitation of data produced by the telescope.

To meet these needs, dedicated software called Qserv is being developed by a team of engineers, the majority based at the American university of Stanford.

This paper presents the Qserv architecture, the challenges it must meet, its progress and the results of tests carried out during several recent yearly campaigns.

The authors of this paper are part of the Qserv development team operating the testbed infrastructure that currently consists of 400 processors and 500 terabytes of storage. It is located at the computing center of IN2P3 / CNRS.

55 : Kali, Simplify the Use of HPC Clusters

Authors : Rémi Michelas, Laurent Mirtain, David Rey, Jean-Luc Szpyrka, Marc Vesin

Kali, clusters for dummies

A user of computing clusters can usually access multiple platforms, but often chooses to use only one of them because of the overhead of heterogeneity: account creation, connection setup, hardware and software architectures, available tools, job submission, data management, etc. Besides, many scientists do not give high performance computing a chance because of its learning curve.

Kali is a Web portal that offers simple and homogeneous access to remote computing resources. Kali connects to the resources using SSH as the user, so the impact on cluster administration is minimal and adding heterogeneous clusters is easy. Kali helps a user register on clusters, compile codes, synchronize data and launch jobs. Kali can help both beginners and advanced users.

We will cover:
- project motivation and goals, Kali compared to other tools;
- agile practices and their key role in the project;
- Kali as viewed by the user, the administrator and the developer (MVC architecture and Ruby on Rails);
- project progress and Kali's outlook.

93 : Providing 3D applications through GPU virtualization by AIP-Primeca-Dauphiné-Savoie

Author : Thierry Henocque

Put on the market in June 2013, the first GPU virtualisation solution has opened the way for the virtualisation of 3D applications!

The AIP-Primeca Dauphiné-Savoie, which is an inter-institutional organisation for pooling mechanics and production and which distributes licences to partner institutions for around thirty software packages, immediately invested in a virtualisation architecture that is compatible with the many 3D applications used in these fields. After a year of testing and acquiring skills with the various architectures, a solution was made available to teaching staff from the beginning of the 2014 academic year.

Motivated by technical issues with stock management resulting from the number and complexity of software packages in use, this innovative architecture, based on a Citrix solution, immediately met our needs in terms of managing and rolling out different software versions. Remote access, which is independent of the operating system and type of workstation used by the client, requires no installation and allows teaching staff to prepare their lessons using the same settings as the classroom. It also allows students to use their personal computer to remotely access both software and their documents.

This report provides technical information on the chosen architecture, its sizing, its implementation and the performance tests that were carried out to ensure proper operation.

111 : Connected Studio for Multimodal Learning Design

Authors : Gaëla Vanderhaghen, Grégoire Colbert, Christophe Retourna, Carole Nocera-picand, Romuald Lorthioir

The "Multimodal Teaching Creation Workshop" project's goal is to make all digital and physical services offered to teachers at institutions in the European University of Brittany (UEB) community visible and accessible from a single interface. It also aims to inform teachers about available tools and their potential uses in the academic setting (in both synchronous and asynchronous teaching) and to allow pedagogical teams to shape their training model within a hybridisation strategy.

A test platform is expected to be released in November 2015. Teachers will be able to outline their teaching unit and see all the resources available overall to adapt their own course sequences. For example, they will be able to design an interactive course in a lecture hall, create a two-hour virtual class, prepare a placement test after 10 course hours, organize a seminar with an expert e-commuting to the room, tutor for an online course through the e-training platform, etc. The complete partnership of the teaching unit as well as reservations of different services (rooms, interactive whiteboard, electronic mailboxes) will be visible with this interface. This application will build on the institutions' information systems through synchronous and asynchronous connectors. User identification will occur through identity federation and will allow determination of specific rights connected to the role. It will also be possible to establish hybrid pedagogical scenarios by correlating the identity of the user and their rights within their institution. Finally, it will also be possible to re-connect scenarios to teaching units from the institutions' training catalogue.

147 : MaP - Multicasting Art Platform

Authors : Philippe d'Anfray, Don Foresta, Jean-Marie Dallet, Benoît Lahoz

MaP is an R&D project bringing together artists and scientists. The MARCEL consortium brought together 15 European partners (Université Paris 8, IRI Centre Pompidou, Ecole Européenne Supérieure de l'Image, CIANT Interactive (Prague), Instytut Chemii (Poznan), London School of Economics, University College of London, The Young Vic Theatre, MINTLab (Genève), CERN, CITAR (Porto), L'Ange Carazuelo, Ecole Nationale des Arts Décoratifs) and has received the support of several European NRENs, GEANT, as well as numerous scientific institutions and artistic organizations in Europe, in the USA, in Australia... The project is already alive and has encouraged the creation of a "MaP community" which has organised various "MaP events" in France and in Europe.

This project is to build a multicasting platform for Art and Education – and Science – which responds better to users' needs, offers high quality image and sound, interacts with other platforms, allows full user control of all dimensions of a multipoint transmission and is of itself a creative tool. By combining multicasting technology with creative programming tools, the system will be an open one with templates for each specific use (conferences, workshops, concerts, theatre and dance performance, etc.), which are open-ended and modifiable. Because the range of potential users from art, education and science is very large and their needs varied, the platform allows users to tailor-make modules according to their specific demands. The consortium is made up of organizations from several disciplines for developing the tools, testing and experimenting with real-time educational and artistic projects engaging the public. It includes partners for evaluation and feedback to guide the process.

81 : An Architecture to Combine Strength and Freedom for Web Developers

Author : Philippe Daubias

University web sites are, by their nature (openness to the world), obvious targets for attackers. This problem is reinforced by the growing use of third-party CMS, where security issues (and tools to test them) are rapidly made available. As the IT departments of some universities merge, mainly to reduce costs by sharing and pooling, new mass-production ways of functioning must be found to meet the safety requirements. These new methods must not impair the high level of flexibility required by graphic designers, software developers or webmasters.

In this paper, we describe the architecture used at the ENS de Lyon to host 500 Web servers, built upon 10 years of capitalized experience. For each technology, we associate one validation platform for site developers with production virtual servers devoted to end-users. This open-source architecture brings a higher security level than the more widely found web-host model: no access to the production server’s filesystem is granted to developers, and their only access to the production database is through the deployed software (CMS or home-made). These access restrictions are compensated by a set of automation shells that developers can use to freely perform all the actions needed to update their sites or software, without having to request the help of any sys-admin. Our developers and webmasters, far from complaining about this system and its limitations, approve of it by a large majority: any difficulty while deploying the software does not disturb the end-users, and getting the site back to its original state after an attack is a fast and easy process.

172 : What Confidence Can We Have in X.509 Certificates?

Author : Giles Carré

IT system security relies heavily on asymmetric encryption using public/private keys and the digital identity card that accompanies it, the certificate. Certificates allow a public encryption key to be linked to an identity (a person or an organisation), certifying this link.

The RGS (French government general security recommendations) and the PSSIE (French government IT system security policy) take this certificate-based approach, insisting on the concept of trust. Although the concepts behind certificates and their uses are well defined, their deployment is nonetheless subject to a number of difficulties that could harm their credibility.

This article will begin by revisiting a number of the principles behind certificates (asymmetric encryption, creation, destination, certification authorities and policies, etc.).

The issues will be discussed from several viewpoints:

- certificate element: certificate owner, users of third-party certificates;
- service element: supplier or user;
- solution element: certificate supplier, product manufacturer or software publisher using certificates;
- security criteria element: confidentiality, integrity, accessibility, non-repudiation.

The presentation will give us, as suppliers and users, hints to properly integrate certificates, because although certificates are not a perfect solution, they nonetheless remain a good one.

67 : Data Protection Governance: a Feedback

Author : Frantz Gourdet

By following the requirements of the Standard for the Certification of Privacy Governance Procedures within Organisations set out in December 2014 by the CNIL, the French data protection authority, local aims in terms of protecting personal data are becoming more exhaustive and more measurable but are not necessarily any more realistic in our institutions.

Stabilising the Internal Data Protection Mechanism, developing expertise in a method for assessing data compliance with the French Data Protection Act, improving the system of Incident and Claims Handling allowing people to exercise their rights, are all approaches that are often full of pitfalls and paved only with "good intentions".

We propose to describe the methods put in place in order to overcome these difficulties and to approach reasonably 'effective' protection of personal data.

Analysing the most significant issues in organisational terms, the article describes, as feedback from experience, the outlines and limitations of an approach that is simultaneously legalistic, managerial and technical, in which the CNIL's Privacy Seals on Privacy Governance Procedures named 'Gouvernance Informatique et libertés' acts as a common thread and operational driver. The concrete results achieved using this approach are also commented on.

Keywords: protecting personal data, governance, procedures, DPO-CISO relationships, privacy by design

129 : Angel and / or Demon, Why is Bitcoin Inescapable ?

Author : Jean-luc Parouty

I'm only six years old and you have already heard a lot about me. My life could be a book... Despite my mysterious origins, some bad company and certain questionable friends, I have always strived to offer you the best I can!

Both a payment system and a currency, I independently facilitate and accelerate your transactions for a fraction of the traditional cost. No bank owns me, no state controls me, no central bank can multiply my cash...

I don't belong to GAFA or anyone else, but rather to everyone... no secrets hide me, no patents tie me up; I am transparent and you can discover everything about me. Although my creators have stepped aside, a large community now supports me...

We will explore what I am and how I work. How my mere 100,000 lines of code were enough to shake up the last Titans of the pre-digital era... There are a thousand things I can do and a thousand more that my descendants and I will be able to do tomorrow...

Cryptography allowed us to secure our exchanges and PKIs will bring a model of trust... But all trust has its limits, and BlockChain technology now allows you to go beyond them!

Today, I facilitate and liberate your financial transactions. We will explore how I can also arbitrate your proofs of work, protect your rights and even manage your assets...

All while being independent and free-standing!

Your devoted Bitcoin

52 : Centralized, Decentralized, Peer to Peer, What Words for the Architecture of Distributed Systems

Author : Stéphane Bortzmeyer

For years, there have been debates around distributed system architectures. For example, people criticise the fact that Facebook is a 'centralised system' and try to create an equivalent that does not have this property. People also welcome the fact that BitTorrent is 'peer-to-peer'. Snowden's revelations in 2013 intensified these debates, with Google, Amazon, Facebook and Apple not only being centralised but also suppliers of the PRISM spying network.

The problem in these debates is that words are often used in a very lax way, or even used to mean the opposite of their actual meaning. As a result, people can be heard criticising the fact that DNS is centralised (which is false) while being proud of the fact that they use IRC (which is in fact centralised). Does the fact that a centralised system is distributed over several machines make it decentralised? (This has been said of services such as DNS root and IRC.) Is BitTorrent really peer-to-peer in how people use it (with a search engine like ThePirateBay)?

Should we launch a Quixotic attack in an attempt to redress the terminology, fighting to impose the use of the 'right' terms? It would be extremely tiresome, and would likely be ineffective. Terms such as 'centralised' or 'peer-to-peer' are becoming impossible to use with so much controversy around them. In this report, I will instead attempt to define the various classes of distributed systems in a different way, based on the role each can play in a particular organisation.

86 : Reclaim Online Privacy, Study of a Caliopen Detail: Privacy Indices and Key Management

Author : Laurent Chemla

Caliopen is a free software suite for managing private correspondence. After giving a brief definition of the project, its objectives in terms of protecting private life, and its ambitions, some of its specific features that are likely to be of interest to other projects are mentioned.

Privacy Index

To give members of the public better control over their private lives, Caliopen proposes linking a confidentiality index to each of the elements of its interface. By enabling users to increase this level easily, displaying these indexes encourages them to better protect themselves and their contacts.

Although the way these indexes are calculated requires considerable refinement during the project's beta stage, its outlines are already clearly defined.

Public key management

One of the main elements in guaranteeing confidentiality for online private correspondence, and which will be very important when calculating confidentiality indexes, is encrypting exchanges.

To achieve this, creating and distributing a public encryption key is essential. Caliopen has chosen to distribute these new keys to its users via DNS.

The reasons for this choice, which also presents a number of disadvantages as recently mentioned in an IETF draft, warrant analysis.

In conclusion: these two specific points, created by Caliopen, go well beyond the scope of this project. Parallel work is ongoing at the IETF (IETF draft, RFC 7444), at Enigmail and elsewhere.


76 : An Authorization Service for Virtual Organizations

Authors : Anass Chabli, Etienne Meleard

The authorization service offered by RENATER is a lightweight solution for managing access to web services for Virtual Organizations (VOs) such as research and education communities.

Many VOs already use Sympa via the “Universalistes” service as a group manager, which hosts 1100 groups (with a maximum of 20,000 members per group). That is why RENATER oriented its “Universalistes” service around Sympa, extending its functionality with a Shibboleth Attribute Authority.

Using “Universalistes”, VOs can allow members of their groups to access services operated by RENATER or third parties (e.g. access to online journals). Authorized services can also use group membership information from Universalistes.

For example, RENATER implemented an authorization service to authorize users of its premium FileSender service. The current FileSender service is open to all users of the research and education community but is capped at 10GB per user. In the premium version, the members can manage their own list of users, allowing them to use up to 200GB.


121 : Social2saml : Delegate Authentication to Operators

Author : Olivier Salaün

Federated identities and the SAML protocol make it possible to open access to online services within the Education and Research community, thus saving the burden of user identity management for each online service. However, some online services target a wider audience and the SAML infrastructure provided by Fédération Education-Recherche is not sufficient; we may think about prospective students, alumni, parents of students or more generally "guest users". But most of these users already have an account and authentication credentials provided by their favorite social network provider. These social network operators also provide an authentication API to let third-party services authenticate users they have in common. These alternative authentication methods can provide an interesting complement to the SAML infrastructure used by French institutions. That type of account can be compared to the guest accounts RENATER provides via the "Comptes Réseaux Universels".

RENATER, the operator of the national SAML infrastructure, is developing a pilot service to provide a unified interface to different social network authentication mechanisms: Facebook, Google, LinkedIn, Yahoo, Live@edu. The provided service allows institutions to extend the perimeter of their guest accounts service. User authentication to access Education/Research services might be performed through these social networks, without the burden of implementing each new authentication protocol. The Social2SAML architecture consists of a set of gateways (one per social network) acting as an Identity Provider (IdP) in the SAML world and as a Service Provider (SP) against the concerned social network.


139 : Modernization of Data Exchanges of Individuals in the Information System

Authors : Alain Zamboni, Arnaud Grausem

Managing access and data exchange within increasingly complex information systems is a significant concern for academic institutions today. In fact, the systems are growing larger due to institutions merging and even partnerships between regional educational institutions. Several products have emerged as repositories, such as GRHUM and soon SINAPS.

Additionally, data exchange is becoming more modernized and trends are swiftly moving away from strong coupling database-to-database synchronization operations and instead toward enterprise service buses, which allow an easy connection between applications through configurations rather than specific developments. Ideas of web services, exchange middleware and message and routing table transformation for data are becoming more and more apparent in our respective information systems.

We will explore how the University of Strasbourg has begun to move towards these types of solutions, focusing on: a strong abstraction layer to define business objects to allow for easier comprehension of recovered data, no matter what the source is; the idea of Acmeism, by propelling specifications such as SPORE in order to standardise exchanges in an extremely varied technical landscape; internal construction of a repository defining the new data source for individuals in our information system.

With over two years’ production experience, we will see which paths of change make it possible to improve the exchange flow, from production to operation of all our data.


12 : Numerics : 1, Environment : 0. With EcoInfo, Let Us Change Practices

Authors : Francoise Berthoud, Laurent Lefevre, Marianne Parry

2015: France hosts the 21st United Nations Climate Change Conference

2015: EcoInfo, recently converted to a service cluster, turns 10

2015: IT engineers meet at the Network Conference (JRES)!

This event is a unique occasion to leave a footprint of environmental responsibility at JRES 2015. Paris welcomes the Climate Conference; as IT engineers, will we stay away from the initiatives and solutions to fight climate change? No! Particularly as experience feedback is increasing. Today, we have chosen to bring visibility to your best practices, the ones that are becoming established in the world of research and higher education. So, board the train with those who are already there and together we will make strides in reducing greenhouse gas emissions and all sorts of other pollutants! We address criteria related to sustainable development in our purchases, energy management in our computer rooms, green design of our data centres of all sizes, waste management: the borders of our work are changing. Gone are the days when IT engineers had eyes glued to their screens and hands glued to their keyboards. Today, best practices are emerging and are beginning to spread. Today, researchers no longer ignore the impacts of ICT on the environment. This presentation is intended as a catalyst for change around a common goal: to participate in the COP21 movement.


61 : UEB C@mpus : a Unique Digital Campus

Authors : Christophe Retourna, Gaela Vanderhaghen, Julien Aussibal

The UEB C@mpus project, submitted in 2008 by the European University of Brittany (UEB) Comue, has been chosen as a 'Promising Campus'. It has created a truly digital regional and multi-site campus across the 28 UEB institutions by strengthening and developing collaborative practices through the deployment of technologically innovative services and equipment. Deployed in several stages since July 2014, all UEB users can now benefit from a service portal, a total of 29 connected video-conference rooms including 15 remote lecture halls, 13 telepresence rooms, and a directed study room to help with their research, teaching and governance tasks (72,000 students, 8500 research staff, 149 laboratories). With four new buildings to be handed over at the beginning of 2016 as part of the project's property element, 54 rooms will be operational across Brittany.

The first feedback on use confirms the strong points of the project: fully pooled facilities, little rearranging required, discussions facilitated thanks to the high-quality sound and image, session recording and making videos available on the portal. The services proposed and the solution architecture chosen result from these strong points: little or no effect on institutions' IT systems, a single reservation portal, a single provider for janitorial tasks, operation and maintenance, guaranteed service. The process of managing change in line with use, which has been in place from the start of the project, has already highlighted significant improvements, laying the foundations for major developments in the future, particularly in the context of the future Brittany Loire University Comue.


11 : So that Big Data does not Mean Big Problems

Authors : Romaric David, Michel Ringenbach, Jonathan Michalon

Focus on big data
What does big data mean for me?
An abundance of servers? Millions of euros?
What do we do with all these bytes?

The University of Strasbourg information centre offers researchers at the Alsace location a shared environment complete with supercomputing.

While technological shortages related to computing performance are finally easy to address, the same cannot be said for data: there is a surge in the volume, flow and number of files. In addition, new uses and scientific needs introduced by researchers have shaken us up. We will present the long-term impact of these extreme requests to which we had to respond. Effectively, without a customised response, the information centre had stopped being important for researchers, and could have collapsed.

This presentation will detail the procedure we followed to develop storage infrastructures for the information centre, and the overall impacts on the architecture of computing resources. In particular, we will introduce the methodology used, the full-sized tests on different storage systems, and the architectural decision that was used in the end.

This is the story of supercomputing
Managing data through computing
Volume, Variety and above all Speed
Wound up finding a shoe that fit.


68 : FG-iRODS: Pooling of Expertise and Distributed Infrastructure for Seamless and Highly Available Access to Scientific Data

Authors : Jérôme Pansanel, David Benaben, Catherine Biscarat, Yonny Cardenas, Hélène Cordier, Pierre Gay, Benoit Hiroux, Gilles Mathieu, Emmanuel Medernach, Jean-Yves Nief, Geneviève Romier

For several years, system and network administrators have been under constant pressure to provide more and more developed services that are highly accessible from budgets that are constantly shrinking. Added to the equation is a regular drop in the number of IT staff in most laboratories. In this difficult context, several laboratories that collaborate as part of the scientific interest group (SIG) France Grilles have decided to take up the challenge by creating a new and highly accessible service for managing scientific data based on iRODS.

After an introduction that recaps this context, the first section will cover the project's aims and the various lessons we have learned as a result:

* Pooling efforts and resources
* Reducing costs
* Benefits for small communities of a 'production' level service

In the second section, we will present the technical infrastructure put in place. We will explain how it integrates into the France Grilles infrastructure by providing details of services offered to users, such as:

* User support and training
* Sharing expertise
* Optimising iRODS's performance and use

Finally, in the third section, we will present use cases that demonstrate some of the available features (managing data streams, 'tailor-made' rules, etc.), the policies put in place and the various measures taken for users (hosting projects and analysing needs, monitoring, training, support).


138 : Digital University Exams: Safety, Technical and Organization

Author : Pascal Aubry

Preparing the ECNi (national exam for medical students) is not just a logical evolution of student evaluation. It is also a non-standard project for IT teams: any malfunction at any site can cancel the entire exam. High availability is critical, an unusual situation in academia (except hospitals). Moreover, this innovative project focuses all the attention of university governance, naturally concerned about the image of their establishment: problems recently observed in a few universities were immediately echoed in the national press. Therefore, all processes must be perfectly under control: the awareness of staff and students, preparing tablets and infrastructure... This article shows how the SIDES project (online evaluation for health studies) has been conducted at the University of Rennes 1 since September 2013. We describe what the role of each of the project actors should be, focus on security aspects (analysis, treatment and acceptance of the risks), and show how the technical evolution of the network architecture for the ECNi benefited the entire university.


133 : Deployment of the Project "Educational Platform and Tablets (SIDES) Toulouse 3"

Authors : Nicolas Jayr, Antoine Lacombe

After their sixth year of medical school, students continue on to the National Ranking Examinations (ECNs). Based on the rank obtained, each student chooses a specialisation and a geographic subdivision.

Until now, these examinations were taken traditionally on paper, with hand-marking, barely-distinguishing rankings, expensive logistics and limited measurement.

Starting in the 2015-2016 year, the ECNs are becoming decentralised, paperless and marked automatically with the roll-out of digital tools: tablets connected to teaching and evaluation platforms. Universities have organized to offer their students exam preparation that is adapted to this new format. For this, the universities have been sharing an evaluation platform called SIDES (Système Informatique Distribué d’Évaluation en Santé [Distributed Information System for Medical Evaluation]) since November 2013.

The goal of this presentation is to describe changes in pedagogy and technology as well as organisational impacts. In the world of pedagogy, this means new methods for evaluation, audiovisual document integration and reasoning identification.

In terms of technology, it will be a question of rolling out tablets and changes to the network infrastructure (Wi-Fi, wiring, VLAN re-organisation) as well as security aspects.

Finally, regarding organisation and logistics, administrative and teaching roles are undergoing changes and require subsequent support.

Together with all other medical schools, Toulouse medical schools launched their first operational school exam-taking centre over a year ago. Installation and certification of an exam centre is underway for the June 2016 exams.


82 : A CMDB at the University of Strasbourg

Authors : Virgile Gerecke, Julien Dupré

The CMDB, or configuration management database, is at the heart of the configuration management process. More than an inventory, the CMDB is designed to form a link between the various elements from multiple inventories and databases and to provide a logged version of these elements and their interconnections. In addition, it is a tool which, although it might seem promising after taking ITIL training, is very theoretical and difficult to implement. In 2009, an initial working group from the IT Department at the University of Strasbourg began work on the topic of the CMDB but this did not lead to a way of implementing the technology. Despite this setback, a new project to implement a CMDB was launched in 2013. Creating this CMDB uses iTop, a product whose qualities and limits will feature in the presentation. We will focus on presenting:

the synchronisation and data import mechanisms as well as the difficulties of linking this data; the iTop data model and the way the data is extended in order to model the layers of the IT system architecture; the issues with an approach such as this but also the tools' limits and the benefits that result, such as the possibility of carrying out impact studies.

The aim of this presentation is to give transparent feedback on our approach, which prevents loopholes, and to capitalise on interesting ideas in defining a meta-model and implementing the holy grail that is CMDB.


57 : Campus Best Practices

Authors : Vanessa Pierne, Jean-François Guezou

This article presents the implementation of the Campus Best Practice (CBP) project in France and the results obtained since 2012. This is part of the GEANT project, funded by the European Commission. The objective of CBP is to produce best-practice documents for the operational teams in charge of deploying new infrastructures or services. Fifteen European academic networks take part in CBP.

In France, it is managed by RENATER, with a working group of around twenty people from the research and education community (universities, research centres, metropolitan networks, the French Ministry of National Education, RENATER, etc.). Participation is open and made on a voluntary basis.

The working group uses the following model, which has been adapted to suit the specific requirements of the French participants:

1. Organising meetings to share institutions' experiences
2. Implementing working groups to discuss best practices
3. Drafting documents
4. Developing best practices

The discussions held before drafting allow issues concerning the whole community to emerge.

Currently, 11 documents written by the French group are available on the RENATER and GEANT websites, and five new documents are being drafted. Overall, 100 documents covering six major themes have been drafted by all NRENs since work began. Participants also present their work at conferences, both in France and abroad. Promotion is considered a key element for distributing best practices.


141 : Statistical Tools for Data Mining in Log Files

Author : Yves Agostini

After a quick reminder of basic statistics and an introduction to the open source software R, this presentation will address data searching from different types of trace files using statistical methods.

The goals are to search for abnormal events with the aim of preventing them, and to search for indicators of compromise.

We will see that the statistical approach is by nature inevitably imprecise, and there is no absolute methodology in data searching. Nevertheless, the results obtained allow the implementation of additional detection procedures on top of simple event counting.


27 : Log Management: Monitoring and Operating IT Assets with Graylog

Author : Johan Thomas

This presentation shows how a tool (Graylog) can be used to centralise and analyse log files across a computer stock. The originality of this solution lies in the scope of the computer stock. Log centralisation tools are more traditionally used for system and network infrastructures. The Rennes education authority has deployed a tool to collect and send log/event viewer data on its more than 1200 workstations spread over 9 sites. The NXLog tool converts event viewer data and log files from workstations and servers into GELF format, focusing on information of interest. The Graylog server centralises all of this information and analyses it, allowing dashboards and alerts to be created and information to be re-routed. Graylog was chosen due to its many natively integrated features (dashboards for each user, alerts, authentication, upgradeability, ease of use, etc.). The GELF format originates with Graylog and provides a number of improvements over the traditional syslog format. The centraliser uses an Elasticsearch database to store all information.

Used in production for over 2 years, this tool has enabled functional and dynamic dashboards to be created to provide assistance. In certain cases, these dashboards help to enable assistance teams to play an active role (intervening before data loss occurs, for example).


109 : Logs Centralization and Management

Author : Jonathan Schaeffer

Event logs for systems and services are an indispensable resource for administrators. They are used to analyse activity, detect anomalies and activate alarms.

The increase in virtual servers and services to operate is creating a surge of these logs in a multitude of files on a large number of servers. Administrators must implement additional constraints. On the one hand, policymakers ask us to be able to provide activity logs for one year, and on the other hand the French Network and Information Security Agency (ANSSI) recommends that we centrally manage this information mine in an effort to improve the security of server farms. It is now essential to ensure reliable management of the volume of data produced by these system logs.

While simple solutions exist to compile the logs (rsyslog, syslog-ng), they only constitute the first part of a whole range of challenges: large-scale deployment of log collection; ensuring that configurations are always in good condition; using the wealth of information that will be collected.

Here, we propose solutions to these three challenges. These solutions are being implemented in production at the European Institute for Marine Studies (IUEM) and rely on several software elements: syslog-ng; logstash; kibana; elasticsearch; puppet; logrotate.

The goal of this presentation is to illustrate the established configuration, to analyse its advantages and disadvantages, and to provide information necessary for redeploying the configuration in similar operational contexts.


47 : AGIMUS-NG or Usage Indicators of our Digital Services

Authors : Guillaume Colson, Nicolas Can, Julien Marchal

In today's world, knowing that a digital service is more or less used is not enough to create a digital strategy. Agimus-NG allows you to know more. Who is using it (ideas about profiles, population)?

When is it being used (time interval, specific period, etc.)?

Where and how is it being used (viewing device, open access room, BYOD, via the institution's WiFi, internal or external wired networks)?

Why? What sections or pages of the service are viewed most often?

The Agimus-NG project is an open source tool aimed mainly at organisations working in education. Based on the ELK trio (Elastic, Logstash and Kibana), it contains scripts and settings that allow it to incorporate large log files, expand them with information from your IT system and index them in a NoSQL engine for real-time rendering of contextualised indicators. The eSup-portail consortium coordinates the pooling of work between universities to facilitate adoption of these tools and their sharing nationwide.

Our roadmap: providing anonymised data;

integrating into varied IT environments;

remaining as minimally invasive as possible into IT systems while using them as a database;

developing as a community under a free licence.

Agimus-NG: finally a tool that makes sense of our log files.


134 : Monitoring with OMD (Open Monitoring Distribution)

Author : Hugo Étiévant

OMD (Open Monitoring Distribution) is a distribution dedicated to monitoring. It relies on the tool Check_MK, which offers a different paradigm from the market's monitoring tools: reducing the bandwidth used by using a passive super probe installed on the client's end, detecting and automatically taking inventory of services available from a host, major configuration flexibility based on dynamic rules, delegation of rights.

OMD integrates all the necessary tools into a single distribution: scheduler, user and administrator web interface, mobile interface, system metrology tool, wiki, ticket management, mapping tool. OMD is compatible with the Nagios ecosystem; it represents one more step in the development of monitoring tools, somewhat like hypervision. A review of the main features will take place, and operating principles will be described.

We will explain the monitoring revision project at the Lyon institute of higher education (ENS), managed by applying the M4P method (developed by Lyon universities), in connection with the service project and the operation of different IT department teams.

The human aspect being at the heart of these technical jobs, we will see how installation of new tools impacts service procedures and collaboration between IT engineers both within and outside of an IT department.

Experience feedback will be shared based on the monitoring platform's two years of operation at the Lyon ENS.


180 : Manage an Immutable Infrastructure in Containers with

Authors : Nicolas Muller, Jerome Petazzoni

How can we certify that all servers have exactly the same installed software, the same libraries, the same security patches? A configuration management utility such as Ansible, Chef, Puppet, or Salt can handle it. But this process can also be based on an immutable infrastructure.

The aim of the immutable infrastructure is to never modify or update a server after its deployment. That means each change requires the creation of a golden image, used to deploy perfectly identical servers.

All deployed servers are certified to have exactly the same software, because they are deployed with the same image. In addition, saving each golden image ensures the possibility to roll back to a previous version.

Container technology makes it easy to create images and then distribute them quickly to a large number of computers. The concept of immutable infrastructure becomes accessible and easy to use on a virtual or physical server.

First, we will present the principle of immutable infrastructure. We will mention its impediments and explain how containers overcome them. Then, we will detail its implementation with Docker.

Next, we will cover Docker's cache system. When the changes are minor, this cache can reconstruct an image very fast. We will also present Docker's "registry", which allows storage and transfer of images.

Finally, we show how to roll back and how to save data when updating a version. All presented techniques can be easily transposed to other types of containers. All the presented tools are open source and free to use.


135 : Approval and Implementation of the General Security Standard within the Ministry of Education

Authors : Jean-Marc Asensio, Jean-Louis Brunel

Decree 2010-112 of 2 February 2010 relating to the General Security Standard (RGS) specifies the regulatory provisions related to risk studies and to security certification of information systems. In this framework, the National Ministry of Education implemented a certification strategy and procedure that take the reality of these information systems into account. Most of these systems handle personal data and therefore are included in the scope of the provisions of the Data Protection Act. Through three major steps, the presentation will clarify the procedure’s objectives by situating them with respect to the National Education’s certification strategy and regulatory constraints. It will explain:

• Adapted risk studies implemented in the institute in accordance with article 3 of the decree, which are based on the Expression of Needs and Identification of Security Objectives (EBIOS) guide established by the French Data Protection Authority (CNIL);
• Technical compliance audits that check effective establishment and robustness of security measures determined in risk studies;
• Writing certification reports that summarise the two previous steps and create the base of certification files and decisions made by the certification authority.


101 : Digital Safe

Authors : Bertrand Wallrich, Frederic Beck

Digital vaults are intended to solve security issues without impacting usability. This includes working collaboratively on software developments, document or data management. This issue is even more critical when writing or sharing confidential documents, working with an industrial partner, or simply working on data impacting people's privacy.

We present here an approach similar to physical safes, but adapted to the digital world. As we would do with a physical safe, a user must "enter the safe" to unlock the data access for himself and other users of this safe. The safe must be self-sufficient and contain all the necessary data and working environment required to manipulate these data, including simple tools, like a text editor, a version management software, or more specific applications related to the contained data.

The idea is to reinforce the security and confidentiality of the data by relying on virtualization and cryptography. The first user entering the digital vault opens it, and makes the data visible to all users; the last one leaving will trigger its closure and relock the access to the data. Wherever the data are stored, it avoids any unwanted access or data leakage, which would not result from a voluntary action by a user. No matter the safe's state, deciphered data aren't exposed outside the safe.

During the presentation, we will describe in detail all these steps, as well as the technical and security aspects of the solution.


185 : RENATER 6 - Evolution of Switching and Routing DWDM Optical Transport Equipments of RENATER

Authors : Karim Boudjemaa, Dahlia Gokana

From 2015, the RENATER network will undergo an upgrade, known as RENATER 6, designed to implement new optical and routing equipment in order to meet the requirements of the Higher Education and Research community.

We will present the planned technical changes and will give a step-by-step explanation of the intellectual process that led to RENATER 6: from the studies carried out within the public interest group to consulting market players via a tendering procedure and choosing candidates that met the criteria.

In technical terms, RENATER 6 will affect all network sites to provide increased uniform capacity across the region as well as increased resilience. The optical field will undergo significant changes with the arrival of new optical technologies (coherent 100G, OTN matrix, etc.) and the implementation of new engineering choices: widespread protection at the optical transport layer. RENATER 6 will also replace all of our switching and routing platforms with next-generation equipment to allow us to provide the community with high port density, increased flows (up to 100G) and even more innovative services.

Finally, we will examine the technical and economic benefits we expect this change will bring.

62 : Routed Ethernet

Author : Christophe Masson

With the arrival of new IT services and server virtualisation, the architecture of server rooms has been considerably modified. The architecture used has become close to that of a data centre.

Firstly, virtualisation requires heavier use of server resources, resulting in increased incoming and outgoing flows. This change has also modified data flows as we have moved from vertical to horizontal flows. As a result of this change and in order to guarantee sufficient flows as well as high network availability times, we therefore looked for a solution of the future that would provide a high-performing and adaptable network. That is why we turned to a routed Ethernet solution.

The presentation will firstly introduce the major advances that the TRILL protocol provides over a traditional network (based on an Ethernet grid with an anti-loop protocol such as MRP or Spanning Tree) but also all the technical and economic advantages this solution brings.

190 : Timing, determinism control, and security in networks

Author : Gérard Berry

The presentation will study the question of time in networks, for aspects such as clock synchronization, transmission of time-sensitive data such as music and video, and especially the temporal guarantees necessary to make real-time distributed systems reasonably deterministic. It will also address security issues, particularly those related to time in networks.

Posters abstracts

In alphabetical order

158 : 6PO: Print Solution Without Driver Os-agnostic

Author : Frederic Bloise

As a system administrator, you have worked hard to allow users to print from any machine in your stock. No matter the operating system or machine architecture, you have facilitated the use of these connected printers by making their management transparent. You have limited printing through access rights and quotas. One day, however, a user comes to see you and asks, "How do I print from my tablet?". You could respond that it's not possible and that he could use one of the many computers available. But, deep down, you know that you would only save a little bit of time, and that in the middle of a BYOD epidemic, you are surely encountering your patient zero.

By adding 6PO to your CUPS/Linux or Windows Server architecture, make the most of your work and, going forward, offer all users the ability to:

- print PDF documents, images, Office documents, e-mails, attachments, etc.;
- print from anywhere with just an Internet connection (wired, WiFi, 3G, etc.);
- print with any type of terminal;
- free themselves from driver installation no matter what terminal and printer are selected;
- continue to enjoy basic printing options offered based on the printer's abilities: colour, black and white, two-sided, number of copies, etc.;
- use their normal login user names.

6PO is a 100% free-standing solution.

70 : AMUE Service Offer

Authors : Olivier Batoul, Joseph Bezzina

Amue, the software publisher for higher education and research institutions, is charged with, among other things, supporting its members in the implementation of its products (Finances, HR, PMS, education). This support covers all aspects such as training, project management, installation and customisation. Until now, it was customary for each member to involve its own department in order to install, administer and run the product it acquired. Amue is currently offering an IT system product in the form of services in order to adapt to meet members' needs.

This service offering is:

- modular: features a number of work units;
- multi-level: infrastructure, technical, app-related;
- adaptable;
- secure: external service guaranteeing secure access to the app and data, with high accessibility in an environment certified by Amue.

This range of services enables users to:

- rapidly deploy Amue applications, including as one-offs, in a reversible process;
- control the dedicated budget;
- refocus on the heart of institutions' roles, by outsourcing the infrastructure of the equipment and/or the technical and application administration;
- meet data access and security requirements.

Sifac in hosted mode, Siham in hosted mode, Siham PMS in cloud mode, it's here!

78 : Collaborative Information System Mapping

Authors : Aurelien Minet, Jocelyn Viallon

Mapping is a widely used tool, though heterogeneously. When available, it is a great opportunity for dialogue, understanding and analysis, which is essential to make quality decisions. It can be a reference when preparing strategic or technical changes, measuring incident impact, or visualizing data origin. How could this best practice be promoted and shared?

The approach chosen to support this view at ENS de Cachan has been to develop a tool for it: Cartowiki. Its founding principles are inspired by the concepts of open democracy, applied to IT governance:

- Transparency: opening data, using simple and didactic visualizations, showing inner mechanics, allowing for monitoring of policies.
- Collaboration: breaking down the silos within the IT department and the institution, supporting transversal work.

For these reasons, Semantic Mediawiki is used as a basis, on top of which a set of dataviz plugins has been developed. The wiki provides native collaboration and traceability. The semantic structure adds a flexible yet structured data model. The dataviz extensions allow for automatic diagram and chart generation.

In the end, using a common tool opens up a new perspective, providing a global view and transversal links between departments. Massive open data at the institution level enables everyone to share the same global view, and to make informed and critical suggestions on how to improve the IT system they belong to.

This tool is still in active development; we invite you to test it and take part in it.

88 : Feedback on the First Wired University Building Using Fiber

Authors : Gabriel Moreau, Olivier De-Marchi

The LEGI laboratory specialises in fluid mechanics and has around 130 members. A major user of computing centres, it also has a significant experimental aspect and features large equipment (wind tunnel, wave flume, etc.). With help from Grenoble-INP, a major institution, LEGI built two new buildings on the Grenoble campus in 2012-2013. One of the aims of the construction project was to bring together experimental data, data from computing centres (IDRIS, CINES, etc.) and our own computing servers in one central location. We therefore needed a hub-and-spoke network formed of direct, high-performance links from offices to the server room, but above all from experiments in order to ensure fast data transmission (10Gb/s or higher). A traditional copper network was not chosen due to transfer speeds, distance (>80 m), which would necessitate installing sub-distributors, and difficulties with integrating the old network.

A brief description of the chosen solution follows. Three cables of 72 single-mode fibres leave the server room and pass through the hallways until they return to the starting point. As a result, all physical points of our premises are less than 20 m from one of these loops. At regular intervals, one or two tubes of six fibres each are extracted from the cable and connected to a junction. From this, a single LC/LC jumper connects to an experiment or an office. An optical LC socket or a 6-port administrable micro-switch (including 5 RJ45 ports) is integrated into the terminal conduit using MOSAIC format.

74 : FileSender : (Huge) File Transfer Service

Author : Etienne Meleard

Offered by RENATER to its community, FileSender is based on the free software of the same name, and allows users from the RENATER community to send large files to correspondents: colleagues, working groups, external partners, etc.

FileSender is one of the only solutions that has no limits on the size of the file to be exchanged. The service offers 20 Gb to each user. A Premium platform, which can be accessed via subscription, allows up to 200 Gb. In both cases, storage is temporary: 15 days for the service open to the community and 7 days for the Premium service.

FileSender offers features such as inviting correspondents to send files, tracking downloads, the ability to add a recipient after the initial transfer or obtaining a download link to be included in a communication document.

Specially designed to manage extremely large files (current record: 1.5 Tb), the FileSender software includes specific features such as the ability to pause a transfer to temporarily free up the connection, or to resume a transfer that was interrupted (browser crash, connection failure, etc.).

The software's longevity is guaranteed by a consortium in which several NRENs play an active role, including AARNet (Australia), CSC/FUNET (Finland), HEAnet (Ireland), UNINETT (Norway) and, of course, RENATER.

This poster presents the service and its Premium version, as well as possibilities for integration. The international cooperation on the software as well as future features are also presented.

65 : LISP-Lab Platform Presentation

Authors : Yue Li, Patrick Raad, Christian Jacquenet

The number of IPv4 routes continues to grow exponentially, leading to performance and scaling problems. This is due to the massive roll-out of mobile data services and the ubiquitous development of the Internet of Things. In addition, the progress made by multi-homing and traffic engineering techniques raises questions about the current architecture of the Internet. LISP (Locator/ID Separation Protocol) is an IETF protocol that offers a model for deploying a transparent and programmable overlay network in order to facilitate the move to various emerging services. Its aim is to split the role played by the IP address into an identifier and a locator, thereby reducing the number of routes maintained by Internet routers. The LISP-Lab project includes the development of a LISP platform, providing a research environment that is open to all project partners and third-party bodies, allowing new services and new protocol functions to be evaluated. Currently, there is a development version, OpenLISP, which includes all the features required to engineer and operate a LISP network. From February 2015, once the platform's supervision, alert management and operational monitoring systems had been implemented, it was opened to experimenters and researchers from outside the consortium.

125 : Measures against DDoS on RENATER

Author : François-Xavier Andreu

DDoS, SynFlood, booter, DNS and NTP amplification: so many words are important for our networks today, as unfortunately the techniques hiding behind them have become very (too) accessible to common mortals. The French telecom network for technology, education and research (RENATER) uses different methods to counter these service-blocking attacks and continues to gear up in order to improve network quality when these types of events occur. The different counter-measures we present are based on network equipment configurations (ACLs, RTBH), dedicated equipment (mitigation box) or new routing techniques (FlowSpec). It is even sometimes necessary to rely on middleware offers to counter an attack. This poster will focus on protection methods already used on RENATER and other methods that will be used in the near future.

161 : National Education - Education and Research, Gateway Between Two Identity Federations

Authors : Alexandre Guyot, Anne-Hélène Turpin, Nicolas Romero

For several years, identity federation has been used in parallel by the Ministry of National Education for primary and secondary instruction, and by the French telecom network for technology, education and research (RENATER) for higher education institutions and research organisations. Unique goals and different organisational modes led to two distinct approaches.

The Ministry of National Education created an internal circle of trust to pool together certain applications with a centralised and descending organisation enforcing identical infrastructures and implementations in all production centres. The "hub and spoke" federation model allowed it to mask the organisational and technical complexity in order to appear as a single interlocutor.

As for RENATER, it defined a frame of reference and an architecture allowing all institutions joining it to use the identity federation service. The organisation of the circle of trust created this way is completely decentralised, with each institution remaining autonomous for implementation and interconnection with the available application services, as long as the frame of reference is followed. The "mesh" model was adopted for this.

Over time, interconnection of these two circles of trust has become indispensable.

Despite different methods and tools being used in these federations, the approaches are based on similar standards. Starting from there, the Ministry of National Education worked with RENATER to integrate its federation "hub" in the Education/Research federation. Employees of the Ministry of National Education can therefore access resources made available for Education/Research. In return, resources from the Ministry of National Education are made available to employees of superior groups.

39 : Online Best Practices for System Administration

Authors : Alain Rivet, Maurice Libes, Laurette Chardon, Olivier Brand-Foissac, Marie David, Gilles Requile

The aim of this work is to present an interactive version of the 'Best Practice Guide for System and Network Administrators' (SNAs) ('Guide des Bonnes Pratiques pour les Administrateurs Systèmes et Réseaux'), which is available online (http://gbp.resinfo.org/). This guide is designed to define the practices and processes to be implemented in the field in order to better structure our work and initiate a quality-focused approach. The guide's website is the online version and digital edition of the book published in 2013 by Editions MRCT of the CNRS, the French national centre for scientific research [ISBN 978-2-918701-07-1].

Context

The Best Practice Guide brings together all the major specific features of the SNA profession in research centres. It sets out a range of behaviours that are agreed upon by the SNA community, allowing a corpus of best organisational practice to be created. To do this, we have built on the ISO's recognised reference documents to give our field practices a framework so as to better take our activities into account and to better structure them.

Implementation

The website gives access to all of the book's chapters. We expect that this site will be regularly developed and the document will be regularly updated. This digital online version guarantees the continuity and increased upgradeability of the links and themes discussed. We are also hoping that web users and readers will contribute via each article's forum. Taking everyone's experiences and practices into account through this dynamic sharing approach will, in the long term, allow a new updated version of the best practices guide to be published.

63 : PLM MATHRICE DevOps Architecture

Authors : Sandrine Layrisse, Laurent Azema, David Delavennat, Philippe Depouilly, Laurent Facq

Following the talk at JRES2013 on 'Mathrice, a community, an organisation, a network, a team' ('Mathrice, une communauté, une organisation, un réseau, une équipe'), this poster introduces the software and equipment architecture put in place for the development of the new 'interface' for digital services as part of the Plateforme en Ligne pour les Mathématiques (Online Mathematics Platform, PLM).

The main aims were to provide reproducible working environments, to make the constituent parts of the PLM interoperable, to facilitate access to the platform by allowing members of the mathematics community to link their various digital identities, and to offer on-demand services.

The methodology used was heavily inspired by the DevOps movement, as much in technical terms as in human terms:

- systematically assessing technologies from a DevOps viewpoint;
- implementing technical development environments (DEV), pre-production environments (PRE) and production environments (PROD);
- implementing digital services via web services;
- virtualising the system infrastructure (KVM);
- automatically managing system configurations (puppet);
- keeping logs of actions (git);
- assessing human resources from a DevOps viewpoint;
- dividing work between small teams (inspired by extreme programming);
- each team running a service is responsible for its instrumentation;
- maintaining and increasing teams' skill levels.

The MATHRICE environment and structure featured ideal characteristics for initiating this change and increasing the project's appeal and reactivity:

- a team that is used to change and collaboration;
- a technical infrastructure that is moving towards an integration chain.

35 : SCAN'ER, a Tool for Detecting Vulnerabilities in Your Networks

Author : Dominique Launay

From 9 March 2015, RENATER is making the first version of its Scan'ER tool available to institutions in the Education and Research communities. This tool is available to two groups:

- Chief Information Security Officers working in higher education and research (nomination chain of the department of the senior defence and security official at the French Ministry of National Education, Higher Learning and Research);
- site security officers who do not fit into the previous category.

It allows them to determine scan policies and to schedule vulnerability scans of their institution's network ranges.

This poster is designed to describe the architecture put in place, how it operates and its limitations.

79 : Shibboleth at 200 %: Until Which Load Can You Go?

Authors : David Verdin, Yann Guernalec

Authentication through identity federation is becoming widespread in educational settings. One of the foreseeable effects was increasingly resource-heavy systems, stretching requirements in terms of performance and availability of SP and IdP blocks to unprecedented levels. And that's where we are now. The GAR project from the French national education department aims to give six million secondary school students simultaneous access to educational resources. It remains to be seen whether Shibboleth can deal with this. To answer this question, RENATER and the Rennes education authority carried out load testing of an authentication infrastructure based on Shibboleth. The tests were carried out on isolated servers, but also on load balancing infrastructures.

The poster presents the experimental approach taken, the thresholds encountered and the optimised settings that allowed the required load to be reached.

99 : SourceSup 2015, Collaborative Forge Development for Co-Building

Authors : Anne-Hélène Turpin, David Rongeat

SourceSup 2015, Collaborative Development Forge for joint IT projects

AMUE (French shared-services agency for universities and higher education institutions) relies, for its collaborative development strategy, on the most efficient forge platform available to the higher education community: SourceSup, provided by RENATER (French Research and Education Network). This free and powerful platform gives a new impetus to software collaborative development by providing it with an effective environment.

Amue’s expertise and support

Taking advantage of its experience in software development, Amue promoted the development of complementary features in SourceSup, such as test tracking, quality measurement, continuous integration, task automation, Electronic Content Management (ECM), a new version of the bug tracking tool and a components library. The tools used to implement these developments comply with the French national guidelines for open source software: Testlink, Sonar, Jenkins, Maven, Nuxeo, Mantis, Nexus and git.

This advanced version of SourceSup has been made available by Renater since May 2015.

A forge, what for?

Among teams dedicated to the collaborative development of a software solution, all contributors have the benefit of an integrated and collaborative tool:

• Easier communication and exchange between all the actors (developer, testers, project managers or functional)
• Developer work optimization: tasks automation, control, quality measurement
• No regression during developments
• Continuous integration which contributes to agility
• Continuous improvement of the source code
• Pooling projects between institutions

Keywords: Forge, Development, collaborative tools, continuous Integration, quality measurement, automation, Amue, Renater, Jenkins, Maven, Nuxeo, Sonar, TestLink, Svn, Git, Mantis

110 : "Sustainable Development" Initiatives at a University's IT Department

Authors : Cyrille Bonamy, Patrick Billa, Henri Meurdesoif

Following the 2011 Network Conference (JRES), the University of Lille 1 IT department created a task force dedicated to sustainable development. The idea is to accomplish in-depth work on the topic, while relying on the guide of best practices from the European code of conduct for data centres.

The initial report was alarming in that the IT department was not aware of its own electricity consumption. Unfamiliarity of the stock and computing usage between departments was also identified. The task force's first undertakings were a monthly report on electricity consumption and an inventory of servers (and associated services) in production. These tasks helped to create an initial estimate of our electricity consumption and identified redundant services.

Following this study, a cold aisle was installed to house all the IT department's servers. After this first accomplishment, the Cloud-Aerosol-Water-Radiation Interactions (ICARE) Data and Services Centre (UMS), located in the IT department, also launched a cold aisle project.

In addition to these installations, consumption has been measured monthly since 2012, an internal wiki dedicated to sustainable development has been established and flow within the inverter room has been improved.

Our poster will address the goal and details of this "Sustainable Development" mission, focusing in particular on the implementation of two cold aisles and measurement of electricity consumption. The difficulties encountered and the financial and human investments required will also be presented. Finally, an insert will be dedicated to the perspectives of this mission.

124 : The Service Offering of the CNRS

Author : Nadine Marouzé

Since 2013, the National Centre for Scientific Research (CNRS) has progressively deployed specific IT services for scientific and administrative units that are adapted to research work and the security issues behind it.

This service offering is broken down as follows:

Integrated Messaging: modern functionalities are shared, secured and integrated with other daily-use tools (such as the MS Office desktop suite) for improved ease of use and performance;

CoRe portal: a secure, multi-control collaborative portal (guaranteed confidentiality for stored data) dedicated to researchers, IT, managers and their external partners (with restricted access), as well as administrative and functional roles (continuity between different key players in processes for assessment, HR, contracts, communications, etc.);

Individual video conferencing with My Com: from your workstation or mobile device, with interactive document sharing and management of face-to-face interaction;

Sharing and roaming with My CoRe: synchronised multi-device access to "My Documents" and Dropbox-style file sharing (with guaranteed confidentiality of stored data);

Secure Cloud: virtual on-demand and personalized servers (processing and storage capabilities), secure website hosting, raw data storage and automatic saving of workstations.

The tools in this service offering complement the management tools in production to give them a multi-control aspect: Zento structure (driver/decisional), Dialog (resource requests), REFP (shared repositories), Geslab (financial management), Caplab (research activities), etc.

149 : Vim, the Administration Console that You Were Missing

Author : marc chantreux

We miss time to spare time. This is the tale of all our information systems as they reach a certain size or level of complexity.

Missing the good tools while deadlines approach, I started to use vim as an interactive glue over unfinished scripts in fuzzy workflows, and it turns out to be a very pleasant and productive way to work around the lack of conventions and tools.

Since then, I have spent an increasing share of my daily work switching from buffer to buffer inside my editor, building a complete visual application while using it. There is no boundary between using and extending my environment using the MVC method where:

* M are the maintenance scripts (providing CRUD operations)
* V are buffers where texts are rendering collections and objects and providing mappings related to the type of rendered things
* C are all the operations defined by the vim keybindings that call maintenance scripts with relevant parameters and output filtering.

So clicks on my GUI are replaced by two-letter mappings

* ,d to delete
* ,s to show
* ,e to edit
* ,x to execute
* ...

to do the right things on entries of request trackers, ldap entries, logs, REST API results, system log chunks and so on.

116 : Virtual Imaging Platform (VIP)

Authors : Pop Sorina, Frédéric Cervenansky, Nouha Boujelben, Tristan Glatard

Computing and storage have become key to research in a variety of biomedical fields, for example, to compute numerical simulations for research in medical imaging or cancer therapy, or to automate the analysis of digital images in neurosciences or cardiology. The Virtual Imaging Platform (https://vip.creatis.insa-lyon.fr) is a web portal for medical simulation and image data analysis. It leverages resources available in the biomed Virtual Organisation of the European Grid Infrastructure (EGI) to offer an open service to academic researchers worldwide.

VIP aims to mask the infrastructure and enable a user experience as transparent as possible. This means that VIP has to take decisions as automatically, quickly, and reliably as possible regarding infrastructural challenges such as:

- (1) the placement of data files on the storage sites,
- (2) the splitting and distribution of applications on the computing sites,
- (3) the termination of misbehaving runs.

We heavily rely on the DIRAC service provided by France Grilles (the NGI of France) to take such decisions in the changing environment of EGI. In addition, we have developed 'non-clairvoyant' techniques to specifically address the challenges of the applications provided in VIP.

With VIP, researchers from all over the world have access to medical imaging applications as a service. They are thus using important amounts of computing resources and storage with no required technical skills beyond the use of a web browser.

References: "A Virtual Imaging Platform for multi-modality medical image simulation", T. Glatard, et al., IEEE Transactions on Medical Imaging, vol. 32, no. 1, pp. 110-118, 2013

151 : Virtual Reality for System Administration

Author : Alain Ravaz

Just as stockbrokers experiment with virtual reality to track a maximum number of virtual information flows, system administrators can display multiple interfaces necessary for all activities with no limit. They can juxtapose log consoles that will not be limited to 40 lines, exhaustive administration dashboards, and technical documents next to each other, complete database diagrams, project plans or mind maps or even e-commuting video.

Confidentiality of the data consulted is guaranteed, as only the person wearing the headset has access to the information. The quality of concentration is also much better when environmental distractions are eliminated. Virtualise screens to free yourself from physical and financial limitations. With a 180-degree camera, monitor your technical sites without moving an inch and without encountering noise and climate control.

From a technical perspective, the resolution is currently limited but the 4k screens, which have been announced, allow comfortable reading of text. Another significant problem is the use of a keyboard for those who are not accustomed to typing without looking at it. Experiments with keyboard representation and hand tracking prove that the technology is ready. The current prerequisites to establish this type of installation are surprisingly accessible and easy to implement (approximately 400 euros for one headset). For the time being, the practice is largely experimental and exploratory, but it demonstrates the potential of this type of system.

19 : WINLOG

Author : Jérôme Bousquié

Winlog is a Classified web logging, surveillance and connection analysis application on Windows machines in an Active Directory domain. It does not need to be installed on the domain's Windows machines. It is located on a single LAMP server. Winlog displays "in real time" who is connected to which machine and for how long. It allows the user to create groups of machines (IT classrooms, for example) and to represent these machines on a map. It can also view the processes a machine is currently running and shut it down and restart it remotely. Coupled with Squidguard, Winlog allows the user to view access attempts to the institution's web blacklist in real time. It can also be used in the same way to ban or grant web access to a group of machines dynamically with a single click. Coupled with scheduling software, it can be used to cross-check information: actual vs planned usage. Coupled with a Wi-Fi captive portal, it can display current Wi-Fi connections in the same monitoring console.

Finally, because Winlog keeps all Windows connections in a relational database, it is easy to produce statistics of all kinds about how the stock of Windows machines is used or to carry out investigations in order to research certain events (improper usage, etc.).


25 : Youth of Mac Pro 2009/2010: Iron Needed!

Author : Jean-Luc Evrard

The latest version of the Mac Pro was quite off-putting for a lot of us: similar power to the previous generation, inability to reuse PCI cards, very limited internal storage space, outrageous prices, etc. All of these arguments led us to keep the old models of the Mac Pro (particularly 2009 and 2010) in service for as long as possible, mainly because they just keep going and, as we will see, are fairly easy to upgrade.

The quest for increased power for computers that are themselves 5 or 6 years old is reasonable, particularly for certain applications. In this report, we will focus more specifically on the possibilities of changing the processor and memory and installing SSDs in the 2009 machines which are, on paper, the hardest to renovate.

We will show that, in practice, these computers are the most profitable to modify as it is possible to significantly increase the power of these machines with a relatively modest budget and a good iron. It turns out that the processor board of Mac Pro 2009 models is identical in terms of components to the 2010 model. Only the firmware has changed to cope with new generations of processors. Luckily for us, it can easily be flashed, opening up the possibility of using a wide range of processors. However, the only drawback is that it needs processor models without an IHS - and that's where the iron comes in...


Abstracts arranged by chronological order

08/12/2015 Berlioz Opening Session 14:30 Berlioz Rosetta, in search of our origins p. 3 16:30 Berlioz RENATER at the heart of the European dynamics: what new challenges for digital engineering? GÉANT Association NRENs for Campuses p. 4 Pasteur OwnCloud Implementation in the University of Lorraine p. 5 My CoRe, File Sharing and Nomadism p. 6 Synchronize and Share Documents With Seafile p. 7 FG-Cloud: Community Science-Based Distributed Cloud p. 8 Einstein Multiplatfom Desktop Virtualization for Linux / Windows / Mac OS X - Feedback p. 9 Microlinux: a Solution for Desktops Virtualization p. 10 Implementing a VDI Solution Based on Dell Workspace p. 11 Advanced Virtualization of Windows Workstations Under Linux KVM p. 12 Antigone Security, 10 Years Later p. 13 Security Compliance Process for the Siham-PMS Teleservice p. 14 Trusted Certificate Service : The RENATER Certificate Service p. 15 A Feedback on the Design of a Strong Authentication Solution p. 16


09/12/2015 à 08:45 08:45 Berlioz Setting up an OpenStack Based IaaS Platform at Lille 1 University: Feedback p. 17 How to Add Salt Everywhere (or How to Salt your Infrastructure) p. 18 Pasteur FranceConnect : Universal Access to Online Services p. 19 Constitution of an Identity Repository (Campus Best Practice 2014) p. 20 Implementation of a Common Repository of Individuals Throughout a Region p. 21 CASShib or Why I Shibbolethised my CAS p. 22 Einstein INRIA Service Desk and its Tools p. 23 Services catalog, 3 Viewpoints on its Implementation and its Life Cycle p. 24 Antigone Best Practices for Securing BGP p. 25 Multi-Domain Virtual Private Network : a Seamless Infrastructure for Regional Networks and NRENs p. 26 11:00 Berlioz SDN for Dummies p. 27 NFV / SDN: a Hybrid Approach p. 28 Network Infrastructure Scalability for Virtualization With VXLAN p. 29 Data Center Interconnect: EVPN p. 30 Pasteur From the Smartphone to the Refregirator : the Password Great Escape p. 31 GÉANT : Helping International Researchers to Adopt eduGAIN p. 32 IdP Hosting by RENATER p. 33 OpenID Connect, the Future of Identity Federation? p. 34 Einstein “Rendez-Vous”: Web(RTC) Conference as a Service p. 35 Operating a Mailing List Service: Best Practices p. 36


Antigone Video Archiving and Transcoding Platform p. 37 Long-Term Preservation of Research Data from Humanities: a Feedback p. 38 14:00 Hall Posters 14:45 Berlioz GÉANT – Tomorrow’s Secure Research and Education Network p. 39 Interpret your Flows with Znets2 p. 40 Monitor a Laboratory Network With Suricata p. 41 Pasteur PARTAGE : 2 Years Later p. 42 A Decentralised Approach to Achieve Email Infrastucture Scalability p. 43 Zimbra for Bordeaux University : Deployment and Feedback p. 44 Feedback: Deploying a XiVO Solution of IP Telephony in the Institute of Molecular Biology of Plants p. 45 Einstein Keys Escrow p. 46 Network Trusted Boot: Deciphering of Linux OS Transparent for the User p. 47 Antigone Contactless Mifare DESFire EV1 Cards p. 48 Feedback on the Attendance Control with Multiservices Cards p. 49 10/12/2015 à 08:45 08:45 Berlioz An Attack Can Hide Another One p. 50 Robocert : Semi-Automatic Processing of Security Incidents Through Web Services p. 51 Detection of Network Anomalies by Unsupervised Learning p. 52 CERT OSIRIS: 2 Years Later ... What did They Become ? p. 53


Pasteur Building, Configuring, Deploying and Running Distributed, Peta-scale Data Analysis Software at IN2P3 p. 54 Kali, Simplify the Use of HPC Clusters p. 55 Einstein Providing 3D applications through GPU virtualization by AIP-Primeca-Dauphiné-Savoie p. 56 Connected Studio for Multimodal Learning Design p. 57 MaP - Multicasting Art Platform p. 58 An Architecture to Combine Strength and Freedom for Web Developers p. 59 Antigone What Confidence Can We Have in X.509 Certificates? p. 60 Data Protection Governance: a Feedback p. 61 11:00 Berlioz A presentation from Henri Verdier - DINSIC 11:45 Berlioz A presentation from Admiral Dominique Riban - ANSSI 14:00 Hall Posters 14:45 Berlioz Angel and / or Demon, Why is Bitcoin Inescapable ? p. 62 Centralized, Decentralized, Peer to Peer, What Words for the Architecture of Distributed Systems p. 63 Pasteur Reclaim Online Privacy, Study of a Caliopen Detail: Privacy Indices and Key Management p. 64 An Authorization Service for Virtual Organizations p. 65 Social2saml : Delegate Authentication to Operators p. 66 Modernization of Data Exchanges of Individuals in the Information System p. 67 Einstein Lightning Talks Jeudi 14h45


Antigone Numerics : 1, Environment : 0. With EcoInfo, Let Us Change Practices p. 68 UEB C@mpus : a Unique Digital Campus p. 69 17:00 Berlioz The State Security Policy, Opportunity of Burden for Education and Research Institutions ? Pasteur So that Big Data does not Mean Big Problems p. 70 FG-iRODS: Pooling of Expertise and Distributed Infrastructure for Seamless and Highly Available Access to Scientific Data p. 71 Einstein Digital University Exams: Safety, Technical and Organization p. 72 Deployment of the Project "Educational Platform and Tablets (SIDES) Toulouse 3" p. 73 Antigone A CMDB at the University of Strasbourg p. 74 Campus Best Practices p. 75 18:15 Pasteur Lightning Talks Jeudi 18h15 11/12/2015 à 08:45 08:45 Berlioz Statistical Tools for Data Mining in Log Files p. 76 Log Management: Monitoring and Operating IT Assets with Graylog p. 77 Logs Centralization and Management p. 78 AGIMUS-NG or Usage Indicators of our Digital Services p. 79 Pasteur Monitoring with OMD (Open Monitoring Distribution) p. 80 Manage an Immutable Infrastructure in Containers with Docker p. 81 Einstein Approval and Implementation of the General Security Standard within the Ministry of Education p. 82 Digital Safe p. 83


Antigone RENATER 6 - Evolution of Switching and Routing DWDM Optical Transport Equipments of RENATER p. 84 Routed Ethernet p. 85 11:25 Berlioz Timing, determinism control, and security in networks p. 86


Abstracts arranged by author

Olivier Adam CASShib or Why I Shibbolethised my CAS p. 22 Yves Agostini Statistical Tools for Data Mining in Log Files p. 76 Mohamed Airaj FG-Cloud: Community Science-Based Distributed Cloud p. 8 Dominique Alglave A Feedback on the Design of a Strong Authentication Solution p. 16 François-Xavier Andreu Measures against DDoS on RENATER p. 94 Jean-Marc Asensio Approval and Implementation of the General Security Standard within the Ministry of Education p. 82 Laurent Aublet-cuvelier PARTAGE : 2 Years Later p. 42 Pascal Aubry Digital University Exams: Safety, Technical and Organization p. 72 Julien Aussibal UEB C@mpus : a Unique Digital Campus p. 69 Laurent Azema PLM MATHRICE DevOps Architecture p. 97 philippe Bader Security Compliance Process for the Siham-PMS Teleservice p. 14 Olivier Batoul AMUE Service Offer p. 89 frederic Beck Digital Safe p. 83


Jacek Becla Building, Configuring, Deploying and Running Distributed, Peta-scale Data Analysis Software at IN2P3 p. 54 David Benaben FG-iRODS: Pooling of Expertise and Distributed Infrastructure for Seamless and Highly Available Access to Scientific Data p. 71 Jean Benoit A Decentralised Approach to Achieve Email Infrastucture Scalability p. 43 Multi-Domain Virtual Private Network : a Seamless Infrastructure for Regional Networks and NRENs p. 26 Robocert : Semi-Automatic Processing of Security Incidents Through Web Services p. 51 Gérard Berry Timing, determinism control, and security in networks p. 86 Fabien Berteau CASShib or Why I Shibbolethised my CAS p. 22 Francoise Berthoud Numerics : 1, Environment : 0. With EcoInfo, Let Us Change Practices p. 68 Marek Bertovič Monitor a Laboratory Network With Suricata p. 41 Joseph Bezzina AMUE Service Offer p. 89 Alain Bidaud Multi-Domain Virtual Private Network : a Seamless Infrastructure for Regional Networks and NRENs p. 26 Patrick Billa "Sustainable Development” Initiatives at a University's IT Department p. 101 Catherine Biscarat FG-Cloud: Community Science-Based Distributed Cloud p. 8 FG-iRODS: Pooling of Expertise and Distributed Infrastructure for Seamless and Highly Available Access to Scientific Data p. 71 Eric Bisgambiglia Implementing a VDI Solution Based on Dell Workspace p. 11


Frederic Bloise 6PO: Print Solution Without Driver Os-agnostic p. 88 Pierre Blondeau Network Trusted Boot: Deciphering of Linux OS Transparent for the User p. 47 Sebastien Boggia Multi-Domain Virtual Private Network : a Seamless Infrastructure for Regional Networks and NRENs p. 26 Cyrille Bonamy "Sustainable Development” Initiatives at a University's IT Department p. 101 Serge Borderes From the Smartphone to the Refregirator : the Password Great Escape p. 31 Guilhem Borghesi CERT OSIRIS: 2 Years Later ... What did They Become ? p. 53 Robocert : Semi-Automatic Processing of Security Incidents Through Web Services p. 51 Stéphane Bortzmeyer Centralized, Decentralized, Peer to Peer, What Words for the Architecture of Distributed Systems p. 63 Karim Boudjemaa RENATER 6 - Evolution of Switching and Routing DWDM Optical Transport Equipments of RENATER p. 84 Nouha Boujelben Virtual Imaging Platform (VIP) p. 104 Jérôme Bousquié WINLOG p. 106 Olivier Brand-Foissac Online Best Practices for System Administration p. 96 Cyril Bras Monitor a Laboratory Network With Suricata p. 41 Jean-Louis Brunel Approval and Implementation of the General Security Standard within the Ministry of Education p. 82


Xavier Buche Setting up an OpenStack Based IaaS Platform at Lille 1 University: Feedback p. 17 Denis Buffenoir INRIA Service Desk and its Tools p. 23 Thomas Bärecke GÉANT : Helping International Researchers to Adopt eduGAIN p. 32 Yvan Calas Building, Configuring, Deploying and Running Distributed, Peta-scale Data Analysis Software at IN2P3 p. 54 Nicolas Can AGIMUS-NG or Usage Indicators of our Digital Services p. 79 Yonny Cardenas FG-iRODS: Pooling of Expertise and Distributed Infrastructure for Seamless and Highly Available Access to Scientific Data p. 71 Nicolas Carel Video Archiving and Transcoding Platform p. 37 Giles Carré What Confidence Can We Have in X.509 Certificates? p. 60 Frédéric Cervenansky Virtual Imaging Platform (VIP) p. 104 Anass Chabli An Authorization Service for Virtual Organizations p. 65 IdP Hosting by RENATER p. 33 marc chantreux Vim, the Administration Console that You Were Missing p. 103 Laurette Chardon Online Best Practices for System Administration p. 96 Maxime Charpenne PARTAGE : 2 Years Later p. 42 Laurent Chemla Reclaim Online Privacy, Study of a Caliopen Detail: Privacy Indices and Key Management p. 64


Nicolas Clementin FG-Cloud: Community Science-Based Distributed Cloud p. 8 Grégoire Colbert Connected Studio for Multimodal Learning Design p. 57 Benjamin Collet A Decentralised Approach to Achieve Email Infrastucture Scalability p. 43 Multi-Domain Virtual Private Network : a Seamless Infrastructure for Regional Networks and NRENs p. 26 Network Infrastructure Scalability for Virtualization With VXLAN p. 29 Pascal Colombani A Feedback on the Design of a Strong Authentication Solution p. 16 Guillaume Colson AGIMUS-NG or Usage Indicators of our Digital Services p. 79 Hélène Cordier FG-iRODS: Pooling of Expertise and Distributed Infrastructure for Seamless and Highly Available Access to Scientific Data p. 71 Philippe d'Anfray MaP - Multicasting Art Platform p. 58 Jean-Marie Dallet MaP - Multicasting Art Platform p. 58 Philippe Daubias An Architecture to Combine Strength and Freedom for Web Developers p. 59 Magali Daujat Feedback: Deploying a XiVO Solution of IP Telephony in the Institute of Molecular Biology of Plants p. 45 Marie David Online Best Practices for System Administration p. 96 Romaric David So that Big Data does not Mean Big Problems p. 70 Olivier De-Marchi Feedback on the First Wired University Building Using Fiber p. 91 David Delavennat PLM MATHRICE DevOps Architecture p. 97


Philippe Depouilly PLM MATHRICE DevOps Architecture p. 97 Philippe Depouilly Implementation of a Common Repository of Individuals Throughout a Region p. 21 Thierry Descombes Interpret your Flows with Znets2 p. 40 François Disdier Feedback: Deploying a XiVO Solution of IP Telephony in the Institute of Molecular Biology of Plants p. 45 Boris Doucey Implementation of a Common Repository of Individuals Throughout a Region p. 21 Julien Dupré A CMDB at the University of Strasbourg p. 74 Jerome Durand Best Practices for Securing BGP p. 25 SDN for Dummies p. 27 Jean-Luc Evrard Feedback: Deploying a XiVO Solution of IP Telephony in the Institute of Molecular Biology of Plants p. 45 Youth of Mac Pro 2009/2010: Iron Needed! p. 107 Laurent Facq PLM MATHRICE DevOps Architecture p. 97 Sébastien Fillaudeau Setting up an OpenStack Based IaaS Platform at Lille 1 University: Feedback p. 17 Don Foresta MaP - Multicasting Art Platform p. 58 Jérôme Fulachier Interpret your Flows with Znets2 p. 40 Philippe Gaudon Rosetta, in search of our origins p. 3


Pierre Gay FG-iRODS: Pooling of Expertise and Distributed Infrastructure for Seamless and Highly Available Access to Scientific Data p. 71 Sébastien Geiger FG-Cloud: Community Science-Based Distributed Cloud p. 8 Pascal Geoffroy Synchronize and Share Documents With Seafile p. 7 Virgile Gerecke A CMDB at the University of Strasbourg p. 74 Davy Gigan Network Trusted Boot: Deciphering of Linux OS Transparent for the User p. 47 Tristan Glatard Virtual Imaging Platform (VIP) p. 104 Dahlia Gokana RENATER 6 - Evolution of Switching and Routing DWDM Optical Transport Equipments of RENATER p. 84 Christine Gondrand FG-Cloud: Community Science-Based Distributed Cloud p. 8 Frantz Gourdet Data Protection Governance: a Feedback p. 61 Arnaud Grausem Modernization of Data Exchanges of Individuals in the Information System p. 67 Yann Guernalec Shibboleth at 200 %: Until Which Load Can You Go? p. 99 Jean-François Guezou Campus Best Practices p. 75 Alexandre Guyot National Education - Education and Research, Gateway Between Two Identity Federations p. 95 Vanessa Hamar FG-Cloud: Community Science-Based Distributed Cloud p. 8


Eric Heijligers FranceConnect : Universal Access to Online Services p. 19 Alain Heinrich Synchronize and Share Documents With Seafile p. 7 Thierry Henocque Providing 3D applications through GPU virtualization by AIP-Primeca-Dauphiné-Savoie p. 56 Fabio Hernandez Building, Configuring, Deploying and Running Distributed, Peta-scale Data Analysis Software at IN2P3 p. 54 Marc Herrmann CERT OSIRIS: 2 Years Later ... What did They Become ? p. 53 Benoit Hiroux FG-iRODS: Pooling of Expertise and Distributed Infrastructure for Seamless and Highly Available Access to Scientific Data p. 71 Nicolas Hordé Microlinux: a Solution for Desktops Virtualization p. 10 Stéphane Igounet PARTAGE : 2 Years Later p. 42 Eric Inocente PARTAGE : 2 Years Later p. 42 Emil Ivov “Rendez-Vous”: Web(RTC) Conference as a Service p. 35 Christian Jacquenet LISP-Lab Platform Presentation p. 93 Fabrice Jammes Building, Configuring, Deploying and Running Distributed, Peta-scale Data Analysis Software at IN2P3 p. 54 Nicolas Jayr Deployment of the Project "Educational Platform and Tablets (SIDES) Toulouse 3" p. 73


Xavier Jeannin Data Center Interconnect: EVPN p. 30 Multi-Domain Virtual Private Network : a Seamless Infrastructure for Regional Networks and NRENs p. 26 NFV / SDN: a Hybrid Approach p. 28 Julien Joubin Advanced Virtualization of Windows Workstations Under Linux KVM p. 12 Michel Jouvin FG-Cloud: Community Science-Based Distributed Cloud p. 8 Mohammed Khabzaoui Setting up an OpenStack Based IaaS Platform at Lille 1 University: Feedback p. 17 Patrick Kocelniak Multiplatfom Desktop Virtualization for Linux / Windows / Mac OS X - Feedback p. 9 Antoine Lacombe Deployment of the Project "Educational Platform and Tablets (SIDES) Toulouse 3" p. 73 Éric Laemmer Synchronize and Share Documents With Seafile p. 7 Benoît Lahoz MaP - Multicasting Art Platform p. 58 Dominique Lalot Operating a Mailing List Service: Best Practices p. 36 Nicolas Larrousse Long-Term Preservation of Research Data from Humanities: a Feedback p. 38 Dominique Launay SCAN'ER, a Tool for Detecting Vulnerabilities in Your Networks p. 98 Laurent Lavaud Zimbra for Bordeaux University : Deployment and Feedback p. 44 Sandrine Layrisse PLM MATHRICE DevOps Architecture p. 97


Philippe Lecler INRIA Service Desk and its Tools p. 23 Laurent Lefevre Numerics : 1, Environment : 0. With EcoInfo, Let Us Change Practices p. 68 Vincent Legoll FG-Cloud: Community Science-Based Distributed Cloud p. 8 Sha Li FG-Cloud: Community Science-Based Distributed Cloud p. 8 Yue Li LISP-Lab Platform Presentation p. 93 Maurice Libes Online Best Practices for System Administration p. 96 Jean-Marc Liger Advanced Virtualization of Windows Workstations Under Linux KVM p. 12 Charles Loomis FG-Cloud: Community Science-Based Distributed Cloud p. 8 Romuald Lorthioir Connected Studio for Multimodal Learning Design p. 57 Frédéric Loui Data Center Interconnect: EVPN p. 30 NFV / SDN: a Hybrid Approach p. 28 Vincent Lucas A Decentralised Approach to Achieve Email Infrastucture Scalability p. 43 Synchronize and Share Documents With Seafile p. 7 Fanny Marcel PARTAGE : 2 Years Later p. 42 Julien Marchal AGIMUS-NG or Usage Indicators of our Digital Services p. 79 Nadine Marouzé The Service Offering of the CNRS p. 102 Matthieu Marquillie FG-Cloud: Community Science-Based Distributed Cloud p. 8


José-Marcio Martins Da Cruz Detection of Network Anomalies by Unsupervised Learning p. 52 Operating a Mailing List Service: Best Practices p. 36 Marion Massol Long-Term Preservation of Research Data from Humanities: a Feedback p. 38 Christophe Masson Routed Ethernet p. 85 Gilles Mathieu FG-iRODS: Pooling of Expertise and Distributed Infrastructure for Seamless and Highly Available Access to Scientific Data p. 71 Emmanuel Medernach FG-iRODS: Pooling of Expertise and Distributed Infrastructure for Seamless and Highly Available Access to Scientific Data p. 71 Etienne Meleard An Authorization Service for Virtual Organizations p. 65 FileSender : (Huge) File Transfer Service p. 92 Henri Meurdesoif "Sustainable Development” Initiatives at a University's IT Department p. 101 Jonathan Michalon So that Big Data does not Mean Big Problems p. 70 Rémi Michelas Kali, Simplify the Use of HPC Clusters p. 55 Aurelien Minet Collaborative Information System Mapping p. 90 How to Add Salt Everywhere (or How to Salt your Infrastructure) p. 18 Laurent Mirtain Kali, Simplify the Use of HPC Clusters p. 55 Laurence Moindrot Operating a Mailing List Service: Best Practices p. 36 Yannick Monclin Services catalog, 3 Viewpoints on its Implementation and its Life Cycle p. 24 Benoit Moreau Security, 10 Years Later p. 13


Gabriel Moreau Feedback on the First Wired University Building Using Fiber p. 91 François Morris An Attack Can Hide Another One p. 50 Nicolas Muller Manage an Immutable Infrastructure in Containers with Docker p. 81 Jean-Yves Nief FG-iRODS: Pooling of Expertise and Distributed Infrastructure for Seamless and Highly Available Access to Scientific Data p. 71 Simon Nieuviarts Multiplatfom Desktop Virtualization for Linux / Windows / Mac OS X - Feedback p. 9 Carole Nocera-picand Connected Studio for Multimodal Learning Design p. 57 Philippe Olive Feedback on the Attendance Control with Multiservices Cards p. 49 Christophe Palanche A Decentralised Approach to Achieve Email Infrastucture Scalability p. 43 Multi-Domain Virtual Private Network : a Seamless Infrastructure for Regional Networks and NRENs p. 26 Network Infrastructure Scalability for Virtualization With VXLAN p. 29 Jérôme Pansanel FG-Cloud: Community Science-Based Distributed Cloud p. 8 FG-iRODS: Pooling of Expertise and Distributed Infrastructure for Seamless and Highly Available Access to Scientific Data p. 71 Jean-luc Parouty Angel and / or Demon, Why is Bitcoin Inescapable ? p. 62 Marianne Parry Numerics : 1, Environment : 0. With EcoInfo, Let Us Change Practices p. 68 Frédéric Pauget Contactless Mifare DESFire EV1 Cards p. 48 Fabrice Peraud A Decentralised Approach to Achieve Email Infrastucture Scalability p. 43


Jerome Petazzoni Manage an Immutable Infrastructure in Containers with Docker p. 81 Vanessa Pierne Campus Best Practices p. 75 Jean-Marc Pierson FG-Cloud: Community Science-Based Distributed Cloud p. 8 Simon Piquard Synchronize and Share Documents With Seafile p. 7 Matthieu Puel FG-Cloud: Community Science-Based Distributed Cloud p. 8 Hassan Qamar INRIA Service Desk and its Tools p. 23 Patrick Raad LISP-Lab Platform Presentation p. 93 Alain Ravaz Virtual Reality for System Administration p. 105 Karen Raynal Implementation of a Common Repository of Individuals Throughout a Region p. 21 Gilles Requile Online Best Practices for System Administration p. 96 Christophe Retourna Connected Studio for Multimodal Learning Design p. 57 UEB C@mpus : a Unique Digital Campus p. 69 David Rey Kali, Simplify the Use of HPC Clusters p. 55 Michel Ringenbach So that Big Data does not Mean Big Problems p. 70 Alain Rivet Online Best Practices for System Administration p. 96 Stephane Rocher Microlinux: a Solution for Desktops Virtualization p. 10


Nicolas Romero National Education - Education and Research, Gateway Between Two Identity Federations p. 95 OpenID Connect, the Future of Identity Federation? p. 34 Geneviève Romier FG-Cloud: Community Science-Based Distributed Cloud p. 8 FG-iRODS: Pooling of Expertise and Distributed Infrastructure for Seamless and Highly Available Access to Scientific Data p. 71 David Rongeat SourceSup 2015, Collaborative Forge Development for Co-Building p. 100 David Rousse My CoRe, File Sharing and Nomadism p. 6 Franck Rupin “Rendez-Vous”: Web(RTC) Conference as a Service p. 35 Pierre Sagne OpenID Connect, the Future of Identity Federation? p. 34 Christophe Saillard Services catalog, 3 Viewpoints on its Implementation and its Life Cycle p. 24 Olivier Salaün Social2saml : Delegate Authentication to Operators p. 66 Eric Sand Services catalog, 3 Viewpoints on its Implementation and its Life Cycle p. 24 Jonathan Schaeffer Logs Centralization and Management p. 78 Benjamin Seclier OwnCloud Implementation in the University of Lorraine p. 5 Cedric Servaes Security Compliance Process for the Siham-PMS Teleservice p. 14 Sébastien Simenel CASShib or Why I Shibbolethised my CAS p. 22 Pop Sorina Virtual Imaging Platform (VIP) p. 104


Evangelos Spatharas GÉANT – Tomorrow’s Secure Research and Education Network p. 39 Peter Szegedi GÉANT Association NRENs for Campuses p. 4 Jean-Luc Szpyrka Kali, Simplify the Use of HPC Clusters p. 55 Jean-Denis Séméria INRIA Service Desk and its Tools p. 23 Gilles Taladoire Feedback on the Attendance Control with Multiservices Cards p. 49 Jade Tavernier PARTAGE : 2 Years Later p. 42 Daniel Terrer INRIA Service Desk and its Tools p. 23 François Thiebolt FG-Cloud: Community Science-Based Distributed Cloud p. 8 Johan Thomas Log Management: Monitoring and Operating IT Assets with Graylog p. 77 Eric Trezel Microlinux: a Solution for Desktops Virtualization p. 10 Andrei Tsaregorodtsev FG-Cloud: Community Science-Based Distributed Cloud p. 8 Anne-Hélène Turpin FranceConnect : Universal Access to Online Services p. 19 National Education - Education and Research, Gateway Between Two Identity Federations p. 95 SourceSup 2015, Collaborative Forge Development for Co-Building p. 100 Marc Turpin Trusted Certificate Service : The RENATER Certificate Service p. 15 Gaela Vanderhaghen UEB C@mpus : a Unique Digital Campus p. 69


Gaëla Vanderhaghen Connected Studio for Multimodal Learning Design p. 57 Luc Veillon Operating a Mailing List Service: Best Practices p. 36 David Verdin Operating a Mailing List Service: Best Practices p. 36 Shibboleth at 200 %: Until Which Load Can You Go? p. 99 Elisabeth Verplanken INRIA Service Desk and its Tools p. 23 Marc Vesin Kali, Simplify the Use of HPC Clusters p. 55 Jocelyn Viallon Collaborative Information System Mapping p. 90 Laurent Voillot FranceConnect : Universal Access to Online Services p. 19 Bertrand Wallrich Digital Safe p. 83 Keys Escrow p. 46 Ismael Zakari Touré Interpret your Flows with Znets2 p. 40 Alain Zamboni Constitution of an Identity Repository (Campus Best Practice 2014) p. 20 Modernization of Data Exchanges of Individuals in the Information System p. 67 Hugo Étiévant Monitoring with OMD (Open Monitoring Distribution) p. 80


Abstracts arranged by alphabetical order

6PO: Print Solution Without Driver Os-agnostic p. 88

A CMDB at the University of Strasbourg p. 74

A Decentralised Approach to Achieve Email Infrastucture Scalability p. 43

A Feedback on the Design of a Strong Authentication Solution p. 16

Advanced Virtualization of Windows Workstations Under Linux KVM p. 12

AGIMUS-NG or Usage Indicators of our Digital Services p. 79

AMUE Service Offer p. 89

An Architecture to Combine Strength and Freedom for Web Developers p. 59

An Attack Can Hide Another One p. 50

An Authorization Service for Virtual Organizations p. 65

Angel and / or Demon, Why is Bitcoin Inescapable ? p. 62

Approval and Implementation of the General Security Standard within the Ministry of Education p. 82

Best Practices for Securing BGP p. 25

Building, Configuring, Deploying and Running Distributed, Peta-scale Data Analysis Software at IN2P3 p. 54

Campus Best Practices p. 75

CASShib or Why I Shibbolethised my CAS p. 22

Centralized, Decentralized, Peer to Peer, What Words for the Architecture of Distributed Systems p. 63

CERT OSIRIS: 2 Years Later ... What did They Become ? p. 53

Collaborative Information System Mapping p. 90

Connected Studio for Multimodal Learning Design p. 57

Constitution of an Identity Repository (Campus Best Practice 2014) p. 20


Contactless Mifare DESFire EV1 Cards p. 48

Data Center Interconnect: EVPN p. 30

Data Protection Governance: a Feedback p. 61

Deployment of the Project "Educational Platform and Tablets (SIDES) Toulouse 3" p. 73

Detection of Network Anomalies by Unsupervised Learning p. 52

Digital Safe p. 83

Digital University Exams: Safety, Technical and Organization p. 72

Feedback on the Attendance Control with Multiservices Cards p. 49

Feedback on the First Wired University Building Using Fiber p. 91

Feedback: Deploying a XiVO Solution of IP Telephony in the Institute of Molecular Biology of Plants p. 45

FG-Cloud: Community Science-Based Distributed Cloud p. 8

FG-iRODS: Pooling of Expertise and Distributed Infrastructure for Seamless and Highly Available Access to Scientific Data p. 71

FileSender : (Huge) File Transfer Service p. 92

FranceConnect : Universal Access to Online Services p. 19

From the Smartphone to the Refregirator : the Password Great Escape p. 31

GÉANT : Helping International Researchers to Adopt eduGAIN p. 32

GÉANT Association NRENs for Campuses p. 4

GÉANT – Tomorrow’s Secure Research and Education Network p. 39

How to Add Salt Everywhere (or How to Salt your Infrastructure) p. 18

IdP Hosting by RENATER p. 33

Implementation of a Common Repository of Individuals Throughout a Region p. 21

Implementing a VDI Solution Based on Dell Workspace p. 11

INRIA Service Desk and its Tools p. 23

Interpret your Flows with Znets2 p. 40


Kali, Simplify the Use of HPC Clusters p. 55

Keys Escrow p. 46

LISP-Lab Platform Presentation p. 93

Log Management: Monitoring and Operating IT Assets with Graylog p. 77

Logs Centralization and Management p. 78

Long-Term Preservation of Research Data from Humanities: a Feedback p. 38

Manage an Immutable Infrastructure in Containers with Docker p. 81

MaP - Multicasting Art Platform p. 58

Measures against DDoS on RENATER p. 94

Microlinux: a Solution for Desktops Virtualization p. 10

Modernization of Data Exchanges of Individuals in the Information System p. 67

Monitor a Laboratory Network With Suricata p. 41

Monitoring with OMD (Open Monitoring Distribution) p. 80

Multi-Domain Virtual Private Network : a Seamless Infrastructure for Regional Networks and NRENs p. 26

Multiplatform Desktop Virtualization for Linux / Windows / Mac OS X - Feedback p. 9

My CoRe, File Sharing and Nomadism p. 6

National Education - Education and Research, Gateway Between Two Identity Federations p. 95

Network Infrastructure Scalability for Virtualization With VXLAN p. 29

Network Trusted Boot: Deciphering of Linux OS Transparent for the User p. 47

NFV / SDN: a Hybrid Approach p. 28

Numerics : 1, Environment : 0. With EcoInfo, Let Us Change Practices p. 68

Online Best Practices for System Administration p. 96

OpenID Connect, the Future of Identity Federation? p. 34

Operating a Mailing List Service: Best Practices p. 36

OwnCloud Implementation in the University of Lorraine p. 5

PARTAGE : 2 Years Later p. 42

PLM MATHRICE DevOps Architecture p. 97

Providing 3D applications through GPU virtualization by AIP-Primeca-Dauphiné-Savoie p. 56

Reclaim Online Privacy, Study of a Caliopen Detail: Privacy Indices and Key Management p. 64

RENATER 6 - Evolution of Switching and Routing DWDM Optical Transport Equipments of RENATER p. 84

“Rendez-Vous”: Web(RTC) Conference as a Service p. 35

Robocert : Semi-Automatic Processing of Security Incidents Through Web Services p. 51

Rosetta, in search of our origins p. 3

Routed Ethernet p. 85

SCAN'ER, a Tool for Detecting Vulnerabilities in Your Networks p. 98

SDN for Dummies p. 27

Security Compliance Process for the Siham-PMS Teleservice p. 14

Security, 10 Years Later p. 13

Services catalog, 3 Viewpoints on its Implementation and its Life Cycle p. 24

Setting up an OpenStack Based IaaS Platform at Lille 1 University: Feedback p. 17

Shibboleth at 200 %: Until Which Load Can You Go? p. 99

So that Big Data does not Mean Big Problems p. 70

Social2saml : Delegate Authentication to Operators p. 66

SourceSup 2015, Collaborative Forge Development for Co-Building p. 100

Statistical Tools for Data Mining in Log Files p. 76

“Sustainable Development” Initiatives at a University's IT Department p. 101

Synchronize and Share Documents With Seafile p. 7

The Service Offering of the CNRS p. 102

Timing, determinism control, and security in networks p. 86

Trusted Certificate Service : The RENATER Certificate Service p. 15

UEB C@mpus : a Unique Digital Campus p. 69

Video Archiving and Transcoding Platform p. 37

Vim, the Administration Console that You Were Missing p. 103

Virtual Imaging Platform (VIP) p. 104

Virtual Reality for System Administration p. 105

What Confidence Can We Have in X.509 Certificates? p. 60

WINLOG p. 106

Youth of Mac Pro 2009/2010: Iron Needed! p. 107

Zimbra for Bordeaux University : Deployment and Feedback p. 44
