Dec. 5-9, 2022 | Sheraton Denver Downtown Hotel | Denver, Colo.

Tutorials, Workshops and Co-Located Meetings

Take a look at the tutorial topics we offer for TechEX 2022, held Dec. 5-9, 2022 at the Sheraton Denver Downtown Hotel in Denver, Colo., and consider registering for one (or two) of the sessions!

Learn and Share Your Expertise

TechEX 2022 small logo

2022 Technology Exchange tutorials are held Monday, Dec. 5.

The Technology Exchange, held at the Sheraton Denver Downtown Hotel in Denver, Colo., brings together our community to share technical expertise, impart lessons learned, and discuss visions for the future. As a bonus, our community also offers tutorials where we train each other. Please review the topics below! We offer tutorials and workshops throughout the day on Monday, Dec. 5.

NOTE: All events on this page require separate registration through the same portal. Most have an associated fee to help defray costs. To participate in these tutorials, which are held Monday, Dec. 5, you will need to register for the appropriate tutorials or workshops as part of your event registration. (View our event registration page for more details.) Space is limited for each of these, so plan to register early! All activities take place at the host hotel Sheraton Denver Downtown.

View Tutorials, held Monday, Dec. 5

Title Abstract Time
AWS Game Day

GameDay is a collaborative learning exercise that tests skills in implementing AWS solutions to solve real-world problems in a gamified, risk-free environment. This is a completely hands-on opportunity for technical professionals to explore AWS services, architecture patterns, best practices, and group cooperation.

Our approach is unconventional compared to other learning formats. Ambiguity and non-prescriptive guidance allow teams the flexibility to think creatively as they navigate a wide array of technical challenges. There is no one right answer; teams pave their own path based on resources we provide them with in live AWS accounts. If you enjoy open-ended challenges without step-by-step instructions, look no further.
9 a.m.-5:00 p.m.

FABRIC Early Experimenter Tutorial

If you could build the next Internet what would it look like? FABRIC is developing an advanced national network infrastructure that will help network, security and systems researchers do just that, and along the way helps make scientific discoveries faster and easier by improving the underlying complex cyberinfrastructure and algorithms. In this tutorial potential FABRIC early experimenters will enroll onto FABRIC, learn how to use the FABRIC portal and manage their credentials through the portal and create basic experiments using FABRIC Jupyter Hub. The participants will learn to use FABRIC experimenter-facing features including FABlib Python API library and FABRIC experiment measurement capabilities.

This tutorial does not require prior familiarity with FABRIC, although a basic understanding of Linux command line, the use of SSH, Jupyter Notebooks and Python are recommended. Attendees are required to bring their own laptops. They are strongly encouraged to complete FABRIC enrollment before the start of the tutorial.
8:30-11:30 a.m.

Hands-on Tutorial on BGP

This tutorial, organized by the Engagement and Performance Operations Center (EPOC) and the University of South Carolina will provide effective hands-on training on BGP, from concepts to real implementation, conducted in a safe, virtual environment.

The tutorial will allow attendees to: 1) deploy internetworks composed of multiple ASs connected via BGP, running a production-grade BGP implementation; 2) manipulate BGP options and attributes without the fear of disruptions, thus enabling them to implement different policies; 3) acquire advanced BGP routing skills; and 4) familiarize with a platform that supports high-speed rates of 10 Gbps and above, using a real protocol stack implementation. Attendees will be provided with detailed laboratory manuals and training platform, accessible from the Internet using a regular web browser (no SSH, Telnet, or other requirements). Access to the training platform will be granted for six months. Other advanced topics will include MPLS, EVPN, and Multi-protocol BGP.
8:30-11:30 a.m.

Hands-on Introduction to COmanage Match

COmanage Match v1.0.0 was released earlier this year. COmanage Match performs identity deduplication to minimize the creation of duplicate accounts for the same individual. Match can be used with COmanage Registry or as a standalone product complementary to your other tools. In this tutorial, you will learn how to set up matching rules, how to use dictionaries to set up more sophisticated matches, and techniques for testing and refining your match rules. Each participant will need a device with web browser capability.8:30-11:30 a.m.

perfSONAR provisioning with Ansible

This tutorial walks through the process of provisioning and configuring a full perfSONAR deployment with Ansible automation. This will cover measurement test-points, data archives, dashboards, and schedule publishers. We will discuss component infrastructure dependencies and overall system architecture in detail.8:30-11:30 a.m.

Secure Coding Practices & Dependency Analysis Tools

HPC increasingly involves the development and deployment of network and cloud services. These services must assure data integrity and availability while providing access to a global scientific and engineering community.

Securing your network is not enough. Every service that you deploy is a window into your data center from the outside world, and a window that could be exploited by an attacker.

This tutorial is relevant to anyone wanting to learn about minimizing security flaws in the software they develop or manage. We share our experiences gained from performing vulnerability assessments of critical middleware. You will learn skills critical for software developers and analysts concerned with security.

Dependency analysis tools – tools that find weaknesses in the software supply chain – are the first line of defense in assessing the security of a software project. These tools can catch flaws in the packages and libraries a program depends upon, and that affects the safety of the application. This tutorial is also relevant to anyone wanting to learn how to use these automated dependency analysis tools to minimize security flaws in the software they develop or manage.
8:30-11:30 a.m.

ADFS Toolkit for IdP & Fed Operators

The ADFS Toolkit has evolved over the years into the powerful and versatile tool it is now. It’s not only a ingest tool anymore for consuming federation metadata, but it now also consists of several additional components: – An authentication provider – for supporting Refeds MFA – A custom attribute store – for supporting the new entity categories with pairwise-id and subject-id that needs calculations and string functions ADFS don’t have native (base32 encoding and more) – Support for federation statistics via f-tics – Custom tools for handling metadata XML, ADFS Toolkit Health, local hash cache – And more…

ADFS Toolkit is built for IdP administrators but it’s important that it is well-understood and well-supported by the federation operators too. This tutorial is about how they can level up the knowledge about ADFS Toolkit and learn how they can/should(?) support it. ADFS Toolkit has always had native support for entity categories within eduGAIN but now it also has the possibility to add federation-specific entity categories and/or overrides.

Another addition is support for Refeds MFA together with Azure MFA or other MFA-providers (like Duo). This has been the big stopper for ADFS for a long time but is now supported and we would like to share the information about this. The federation operators can also support the IdP administrators by providing a federation defaults file. Federation defaults are used when the IdP administrator creates the configuration file and provides default values for configuration items (like the URL to the metadata, the thumbprint for the metadata signature certificate and more) and other valuable comments.

Over the years different issues has prevented organizations for using ADFS in the federation even though they have it to login to their Microsoft 365 tenant. Handling multiple identity solutions is both time-consuming and it’s hard to keep the competence up to date. Most of the issues are now solved by the ADFS Toolkit, and the only big known issue left is the handling of certificate lifetime. This tutorial will be focused on demos and how-to’s. We will show everything from a bare bone installation with no configuration to a full-blown Refeds MFA working solution. We will also show tips and tricks on how to use ADFS Toolkit for administrative tasks and how it can be used for SPs outside the federation.
1:30-4:30 p.m.

Hands-on Tutorial on P4 Prog. Data Plane

This proposal is to conduct a hands-on tutorial on P4 Programmable Data Plane switches. The tutorial will be organized by the University of South Carolina (USC).

This tutorial provides Information Technology (IT) professionals with motivation and an introduction to P4 programmable data plane switches. The tutorial will include a motivation for this technology, such as new infrastructures using P4 switches (e.g., FABRIC) and campus networks using programmable data planes. Then it will cover the fundamentals of programmable switches: P4 building blocks, parser implementation, populating match-action tables, and others. Topics will be reinforced with hands-on laboratory experiments.

The tutorial will allow attendees to: 1) Describe the elements of the Protocol Independent Switch Architecture (PISA); 2) Define protocol headers and header fields in P4; 3) Write simple parsers using P4; 4) Define and populate match-action tables, and 5) Use stateful elements in the data plane.

Attendees will be provided with detailed laboratory manuals and training platform, accessible from the Internet using a regular web browser (no SSH, Telnet, or other requirements). Access to the training platform will be granted for six months.
1:30-4:30 p.m.

Managing Metadata with Shib IDP UI

Shib IDP UI is part of the ITAP stack that is waiting to be a highlight in your deployment. Folks often ask:
-What can it do for me?
-How can I use it in my current environment?
-What is the future?
As we work toward next steps, we’d like to work with you to establish some recommendations and best practices for installing, configuring, and integrating Shib IDP UI in multiple environments.
1:30-4:30 p.m.

Resilient Connectivity Architectures for Your Cloud Environment

This tutorial aims to help network engineers and cloud developers understand common cloud network architectures. By the end of the session you will understand how you can leverage Internet2’s network for cloud services, as well as the commodity Internet, to support resilient connectivity to your cloud service providers.

-How Internet2’s services support networking for cloud
-Internet2 Peer Exchange (I2PX) for SaaS cloud services
-Internet2 Cloud Connect (I2CC) to provide a cloud on-ramp for direct connections
-Internet2 Rapid Private Interconnect (RPI) for niche cloud service providers
-What is I2CC? Why, how and when to use I2CC
-Common cloud network architectures
-Leveraging I2CC Cloud Router for Layer3 services
-Putting it all together!
-What’s next?!

This tutorial requires no background in networking for cloud, just an interest in applying networking architectures to support extending traditional computing into cloud environments
1:30-3:30 p.m.

Scalable RDM in the Cloud with Globus

Globus is an established cyberinfrastructure for managed file transfer and secure data sharing across the Internet2 community. Building on this installed base, we have grown Globus into a comprehensive platform for research data management that includes services for data description and discovery, protected data management, and automation. Over the past three years we have enabled access to these capabilities on diverse storage systems, including on-premises and public cloud storage, and spanning multiple storage tiers, from high-performance filesystems through archival.

In this tutorial, we will provide an overview of Globus platform services and demonstrate how they can be used to manage data on cloud storage systems. We will also describe how data flows (and other research tasks) may be automated at scale so that investigators can fully leverage their investment in cloud storage. The tutorial will include a mix of presentations, live demonstrations, and hands-on exercises that allow attendees to experiment with the Globus service.
1:30-4:30 p.m.

Working Meetings

Sunday, Dec. 4

Monday, Dec. 5

Tuesday, Dec. 6

Wednesday, Dec. 7

Thursday, Dec. 8

Friday, Dec. 9


View Co-Located Meetings, held throughout the week

Title Abstract Date/Time

REFEDS articulates the mutual needs of research and education identity federations worldwide. Many participants represent national identity federations. For more on REFEDs, see, Dec. 5,
9 a.m.-5:00 p.m.


NetGurus is a group of campus Network Engineers/Architects that meet to contribute and learn from each other for the betterment of the broader education and research community. Participants discuss networking topics in a round table format to encourage open discussion and knowledge sharing.

Typically, they meet before or after a conference to discuss items of interest. Many times, topics are suggested ahead of time to encourage participation. To allow for orderly discussion and to maximize individual participation, meetings are limited to 30 attendees on a first come, first serve basis. Also, please limit participants to a max of two (2) per institution.
Friday, December 9,
9 a.m.-5:00 p.m.