Internet2 Roadmap Priorities

Infrastructure and Services

Provide access to information and resources important to the R&E community via intuitive, robust, secure, intelligent, and ubiquitous infrastructure and services.

Update: October 2024

Progress was made with the Infrastructure and Services objectives that Internet2:

Improve the Internet2 website to ensure content and relevant information is easily discoverable
Expand Cloud Connect to the seven interconnect locations and RPI network-wide
Publish the InCommon Futures2 Report
Enhance International Connectivity

Other Roadmap Priority Updates

Internet2 continues to provide feedback to community leaders and advisory groups after receiving valuable input during the initial phases of the Internet2 Roadmap.

October 2024 Updates:

Internet2 continues to update its web pages to ensure content and relevant information are available and easily findable for the community. Internet2 made significant improvements, and completed a homepage refresh and redesigned the service pages featured on the organization’s website. This work aimed to clarify and improve service catalog accessibility and functionality based on community feedback and input from the Internet2 roadmap effort. Key design changes included a more discoverable and manageable menu structure, enhanced user journeys, and a new catalog, categories, and service pages. Internet2 plans to conduct regular user testing and surveys post-implementation to ensure the modifications align with user expectations and preferences.

Community Engagement continues to engage and inform the community with messaging in ways that target our multiple stakeholders on services, solutions, and engagement opportunities through multiple channels and various touch points.

In 2025, Internet2 will work closely with the InCommon team to refresh and redesign the InCommon website based on new messaging, positioning, and brand updates completed in 2024.

Original Priorities Identified Before October 2024:
- As the number and types of Internet2 services and offerings have significantly increased in the past decade and because they also provide value to a more diverse set of stakeholders, the Community Engagement (CE) division will lead an effort to identify key stakeholders (and groups) and work to prioritize these and their needs while also developing approaches that make it easier for these prioritized groups to have the information they need in an easier fashion through Internet2’s digital communications.
- Community Engagement will work to refine the Internet2 Service Catalog on the Internet2 website to make it easier to understand the service and solution offerings, the value proposition and business need, and the eligibility requirements to access or acquire the service/solution.
- CE will lead the development of improved and refined UX/UI on both the Internet2 and InCommon websites so the community can easily navigate and access available services and solutions.
- CE will help create and guide the user journey to help discover information across all Internet2 web-based platforms (e.g., legal, procurement, C-suite, technical, etc.).
- CE will create and maintain a matrix of Internet2 services, solutions, benefits, and value that articulates the ability of all stakeholders to leverage those benefits based on relationship (member type, non-member by type – higher ed, K-12, etc).
- Community Engagement will continue to engage and inform the community with messaging in ways that acknowledge and target the different stakeholders on services, solutions, and engagement opportunities in a manner that resonates with their business needs.
  - CE will develop approaches that are not complicated for the stakeholders as prioritized.
  - CE will also consult at least twice a year with key stakeholder groups to create feedback mechanisms designed to continuously improve our communications, digital experience, and engagement channels.
October 2024 Updates:

Upgrade and automate the network:

The expansion of Cloud Connect to the seven interconnect locations and RPI network wide – and the optimization of those locations – has been a key strategic goal for the Network Services division. Recently, team members – from both the network infrastructure and infrastructure software & systems teams – completed the first hardware replacements and site consolidations in this program. The second replacement will be conducted in November, and the five remaining sites will be completed in 2025. All sites will receive redundant Cisco NCS 57D2 routers to provide peer-facing connectivity at 10G, 100G, and 400G line rates. Additionally, sites are being prepared to supply additional 400G peer facing connectivity to meet developing demands for cloud and AI applications.

Team members have also continued to implement performance improvements to the core platform, following a first principle of continual improvement. These projects included the removal of route reflectors from the core network configuration, the initial deployments of discrete coherent optics, as well as the migration of core network management functions to Chicago (including the Monsoon ISS cluster and the optical management software.) Significant augmentation of the network core also occurred, with additional nodes added in the northeast US (for NEREN) and in Fargo (for NDSU and Northern Lights Gigapop).

Flexibility Enhancements:

The Insight Console saw considerable development across 2024, following its initial launch in November 2023. Major improvements were made to the design and user experience for the flagship Virtual Networks feature, including interface improvements making resources easier to troubleshoot and manage and support for 10 Gb connections. A new home page, main menu, and site navigation design was implemented, along with fixes and improvements in the search function and session handling. The Looking Glass function was expanded to include support for multiple hardware platforms and to include the devices deployed at Internet2’s Global Exchange (GXP) endpoints. A new documentation website was authored and deployed. Finally, considerable sustainability and maintainability changes were implemented, including rigorous automated quality-assurance testing and improved support for rapid iteration and release of new versions.Expand Insight Console and NS API support to include the full platform, including international exchange points.

Research 5G/6G Integration:

Internet2 has started to develop initial relationships with neutral host providers as part of its independently leveraged NET+ programmatic and I2PX strategic peering activities. We will establish direct peering with a neutral host provider to transport mobile offloaded traffic through the R&E networks.

Promote Routing Integrity:

We are actively engaged in the following initiatives to promote and enhance routing integrity:
- Collaborating Globally: We are working with the international Research and Education Network (R&E) community to develop and implement technical controls based on published routing policies (via IRR). This collaboration strengthens resistance to harmful routing leaks while preserving the resilience of our interconnected networks.
- Community Engagement: We actively engage the Internet2 community through blogs, podcasts, office hours, and personalized assistance. Our goal is to deepen the community’s understanding of the role and importance of routing integrity.
- Influencing Standards Development: We are partnering with standards bodies such as ARIN and MANRS to ensure that the needs of the R&E community are incorporated into the evolution of routing integrity standards.
Support RPKI Adoption

Our ongoing efforts to promote RPKI adoption include:
- Advocating to Decision-Makers: We are elevating the importance of Resource Public Key Infrastructure (RPKI) adoption among decision-makers through informative blogs and presentations.
- Empowering Engineers: We provide continuous support to engineers by offering workshops, office hours, and one-on-one sessions. These efforts help develop the skills necessary for deploying RPKI Route Origin Authorizations (ROAs).
- Simplifying Implementation: We are collaborating with DDoS mitigation vendors, Internet2 BGP participants, and organizations like NANOG to streamline and clarify the process of identifying RPKI-ROA requirements for DDoS-protected networks.
Original Priorities Identified Before October 2024:
- Upgrade and automate the network: Expand RPI to all seven peering locations, scale and expand backbone capacity in a sustainable manner, , and expose core network API for dynamic science applications.
- Flexibility Enhancements: Expand Insight Console and NS API support to include the full platform, including international exchange points.
- Research 5G/6G Integration: Engage the community on 5G and DAS technologies, train staff on current developments.
- Explore AI-driven Network Management: Engage the community on AI analytics and consider augmenting staffing.
- Improve BGP routing: Support BGP by improving routing information accuracy, aligning with best practices, and leveraging the Insight Console for self-service.
- Promote Routing Integrity: Improve routing security for the R&E community by promoting Routing Integrity Core Practices and publishing a scorecard.
- Support RPKI Adoption: Emphasize RPKI’s importance for route hijacks detection and mitigation, aligning services with community needs.
October 2024 Updates:

The InCommon Futures2 Report was completed/published in January of 2024 and is available on the InCommon Policies page. Activity areas have been established to support the major themes outlined in the plan.

Original Priorities Identified Before October 2024:

In 2009, Internet2 community leaders gathered to develop “The InCommon Futures Report.” This report was submitted to Internet2 and its board as a set of recommendations to ensure InCommon’s growth and adaptation at a critical juncture in its development. At the time, InCommon was serving about 100 institutions. Most of the recommendations of that report were prioritized and InCommon is now serving more than 1,000 institutions and organizations.

Over the last 20+ years, the United States higher education community has collaborated to design and build an infrastructure, build and curate tools, and develop a community of identity and access management (IAM) professionals through events and training for the purposes of enabling extra-institutional access to data workflows to support global collaboration — in secure and privacy preserving ways — in the support of research, learning, and campus life. The locus of these activities has been the InCommon community.

During several periods over these 20 or so years, there has been a confluence of dynamics that have compelled the community to conduct an assessment of its capabilities and determine future directions. During each of those periods, non-disruptive and mostly subtle adjustments were made to accommodate the changing dynamics. In 2023, there is ample evidence for needing another moment of reflection and assessment. In fact, it can be safely said that the dozens of technical and executive thought leaders in and around InCommon are rapidly coming to the conclusion that this time is different, that potentially disruptive and more than subtle adjustments to direction are needed and needed soon.

A foundational premise for all services and capabilities developed by InCommon — the organization and the community — is that InCommon (the organization) performs the functions that are best done together or can only be done together. To continue to enable global collaboration and operational efficiency that meets and anticipates the needs of United States higher education, our community must examine the current and desired future states of InCommon infrastructure, tools, training, and advocacy.

As InCommon enters a new era of opportunity in an ever-changing environment, the InCommon Steering Committee in conjunction with InCommon management is beginning a planning initiative (“Futures2”) to develop a plan of outcomes that will shape its strategies to ensure its relevance in the next five years and that are structured to meet the evolving trust and identity (T&I) and R&E landscape and competitive challenges.

Status: The InCommon “Futures2” work is in progress and scheduled to be completed by 1 Feb 2024. A commercial planning partner SecondMuse has been secured to assist. There has been a broad community survey, 1:1 interviews, roundtables, and meetings with all of the various advisory bodies in the Trust and Identity Services ecosystem of advising. Ongoing monitoring and stewardship of the project is being conducted by the InCommon Steering Committee and InCommon/Internet2 staff.
October 2024 Updates:

Enhance International Connectivity:

CANARIE, ESnet, and GEANT, Internet2 unveil 1.2GB of R&E capacity across the Atlantic

In March Internet2, in a joint effort with CANARIE, the Energy Sciences Network (ESnet), and GÉANT, announced today a major expansion of 400 gigabits per second (Gbps) transoceanic circuit capacity dedicated to transferring research and education (R&E) data. As part of the Advanced North Atlantic (ANA) collaboration, this marks a significant achievement in high-speed connectivity between North America and Europe, supporting data-intensive science globally.

ANA’s network expansion supports multinational, data-intensive science collaborations, including the Large Hadron Collider (LHC), the world’s largest and most powerful particle accelerator, and the Square Kilometer Array (SKA), the ongoing effort to build the world’s largest radio astronomy observatory. It adds much-needed capacity for transmitting instrument findings to researchers globally, enabling ground-breaking discoveries. Learn more about the partners and the impact this capacity will have on global research here.

Boston Global Exchange Point added into Internet2 International services offering

In response to community demand, Internet2 completed the commissioning of a new global exchange point in Boston, Massachusetts. This expanded Internet2’s east coast peering to three interconnected sites, additionally including New York (MAN/LAN) and Washington (WIX). The new exchange point is based on the Arista 7280PR3 platform and offers 400G connectivity for members connecting both domestically and transatlantic.

Original Priorities Identified Before October 2024:
- Expand Cloud Analytics and Monitoring: Leverage both internal and commercial toolset to better monitor both platform and cloud applications performance; proactively detect changes in performance levels.
- Enhance International Connectivity, including NA-REX: Upgrade Internet2 global exchange points to 400 Gbps native. Complete dedicated NA-REX infrastructure, unified instrumentation, and participate in architecture co-development activities for domestic exchange points. Boost participation in global architecture development.
- Promote Routing Integrity: Boost the R&E community’s protections by promoting Routing Integrity Core Practices and tracking progress via a scorecard.
- Emphasize RPKI: Highlight RPKI’s role in route hijack detection and mitigation, aligning services with community needs.
October 2024 Updates:
- The Cloud Scorecard now boasts over 80 services represented. In Q4 2024, a new Scorecard is being unveiled with improved usability and a new business model. View the Cloud Scorecard.
- CLASS, Cloud Learning and Skills Sessions, continues to adapt to meet the constantly changing needs of cloud architects and engineers in higher education.
- This year was a busy one for the NET+ Business, Procurement and Legal Advisory Committee (BPLAC), BPLAC developed and publish a Community Framework for IT Vendor Management.
Original Priorities Identified Before October 2024:

The NET+ program and Internet2’s overall cloud programs are evolving from efforts to support cloud access to cloud optimization and scaling. Internet2’s efforts to support the R&E community’s use of essential cloud services focus on four key areas:
1. Facilitating access to commercial cloud services (NET+)
2. Training and workforce development (Cloud Learning and Skills Sessions (CLASS))
3. Cloud service insights (Cloud Scorecard, Institutional Profiles)
4. Vendor management at community scale (NET+)
Over the past several years, Internet2 has made meaningful investments in the first two areas and jumpstarted internal and community efforts in the third and fourth areas. Understandably, all four of these areas are interrelated and are key to supporting efforts to improve and scale the use of essential cloud services.

Internet2 will continue to work with the community to invest in a NET+ portfolio of services, with a focus on services that represent emerging technical needs for the community (e.g., cloud storage migration services, governance, risk and compliance (GRC) services, or services where there is a challenge with a market incumbent that necessitates the community coming together to engage in collective negotiation (e.g., Google Workspace). Current emerging areas include cybersecurity services, vendor risk management/GRC services, and data migration services. In these emerging areas, Internet2 would be best served by leveraging competitive procurement processes to identify potential NET+ service providers to support the future adoption of the services by the most institutions in the R&E community as possible.

Because many, if not most, R&E consortial organizations are engaging in the facilitation or brokerage of cloud services, Internet2 should continue to focus on the areas where it is uniquely situated to provide value-add while other community organizations can support access to commodity services.

Cloud technologies continue to change and advance at a rapid pace. For example, AWS released a total of 119 new services and features in 2022. Keeping up with the latest technical advancements is difficult for information technology staff. This problem is compounded by the significant turnover at R&E institutions of staff who are experienced and skilled in cloud infrastructure and architecture as a result of the “great resignation.”

The Internet2 CLASS program was originally designed to address the gap in training that existed for researchers and research computing and data (RCD) professionals. The CLASS program continues to serve this purpose by providing custom training for the research community and has expanded to support the training needs of enterprise IT as well. This primarily has consisted of cohort-based training programs designed around certification programs for some of the leading Infrastructure as a Service (IaaS) providers. These training courses remain popular. For example, the AWS Solution Architect Associate training has maintained a waitlist since it was originally offered in early 2022 and is currently in its fifth cohort. Many of these enterprise-focused trainings are already provided for free by the cloud service providers themselves. The CLASS programs provide value add by convening an R&E cohort with an instructor/mentor from the community. This builds a sense of community during and after the training. A major challenge in moving cloud training forward is the need for two very different business models, one for serving research needs and one for serving enterprise needs.

The CLASS program funding model today is dependent on per-course payments to Internet2 and in-kind contributions from the cloud service providers and/or their channel partners. Further work should be done to validate the long-term sustainability of this model or explore other models to meet the ongoing needs of the community in this area.

Both the Cloud Scorecard and Institutional Profiles efforts within the Internet2 NET+ program center around how we collect and expose data about cloud services compliance with standards and usage to participating institutions to use as insights to make better-informed decisions. Development of these platforms are essential to move community sharing from email lists and conversations into actionable insights. This becomes more essential as higher education leadership changes and we seek to be more inclusive as a community. Further, Internet2 collects data related to NET+ services that can be made available to subscribers to support individual organizations and broader community efforts.

The Cloud Scorecard Directory is currently a pilot project to provide a way for R&E institutions to review a completed Cloud Scorecard. Internet2 is currently engaged in an effort to identify a platform for the Cloud Scorecard to serve as a permanent home as the effort moves beyond the pilot phase. The long-term goal is to create a cloud service discovery platform that allows R&E institutions to quickly access vendors’ support for technology and compliance standards while supporting the discovery of services that meet those requirements.

The Institutional Profiles collect and share usage information like software release version, add-on services, integrations, service administration name and contact information, and other data about services. These opt-in profiles are available in pilots of NET+ Canvas and NET+ ServiceNow today. A different version of service benchmarking is in place today for NET+ IaaS services, AWS and Google Cloud Platform (GCP), to provide institutions insights into service usage and other information based on usage data Internet2 receives from the service providers’ channel partners. Both of these efforts have been well received and are areas of investment in future years.

Vendor management has already been at the core of the NET+ program and is essential to the management of commercial cloud services. As more organizations in the R&E community rely upon commercial cloud services for key technology solutions, a focus on vendor management will be even more essential. Vendor management is critical to sustaining cost-effective IT operations with the growth in venture-backed, privately held corporations focused on growth and publicly traded corporations focused on profitability.

Vendor management of cloud services has already been identified through the work of the NET+ Business, Procurement and Legal Advisory Committee (BPLAC) as a priority area for the Internet2 NET+ and an area for increased engagement across the R&E community. As part of efforts in this area, there is currently a vendor management working group developing best practices for the community as well as identifying ways to integrate the best practices into the NET+ program to support national scale vendor management efforts.

Status: All directions and initiatives are in motion. Ongoing advice and tracking happening with the NET+ Program Advisory Group (PAG), Cloud Services, Technology, and Architecture Advisory Committee (CSTAAS), and Business, Procurement and Legal Advisory Committee (BPLAC).
October 2024 Updates:

eduroam continues to grow in both “classic” adoption and with the eduroam Support Organization (eSO) program. As of Q4, 2024, the number of organizations subscribed to eduroam is 1,167 – an almost 300% increase in the last decade. The eduroam Support Organization program expanded in 2024, now including Minnesota and Michigan, for a total of nine eSOs as 2024 comes to a close.

The eduroam Support Organizations program now serves nine states: Arizona, Connecticut, Michigan, Minnesota, Nebraska, Nevada, Oregon, Utah, and Washington.

Original Priorities Identified Before October 2024:

Internet2 operates the United States node for the global eduroam roaming Wi-Fi network for R&E. eduroam is available in more than 100 countries, including more than 1,000 universities and non-profits in the United States. Individuals use their campus credentials to use the service. In 2022, the United States eduroam community grew the number of United States service locations to 2,958, the second largest number of service locations in any country in the world.

The eduroam Support Organization (eSO) Program is creating a new explosion of eduroam adoption beyond higher education campuses. Working with state and regional networking organizations, Internet2 has expanded the reach of eduroam in Utah, Nebraska, Arizona, Oregon, and Connecticut. More recently the state of Washington and Nevada have entered the onramp for becoming an eSO. Internet2 will continue to develop and expand eduroam through the eSO.

Via the leadership of the eduroam Advisory Committee, Internet2 will also continue to improve interoperability, ease of installation, and various aspects of security of the platform.
October 2024 Updates:

One of the directions established in the InCommon Futures2 Report is a subtle but strategically important refactoring of the comprehensive community advising structure that has long served InCommon well. As a result of this on-going shift, the Community Architecture Committee for Trust and Identity] has recently helped collate and submit feedback to the NIST request for feedback to changes in the NIST Digital Identity Guidelines.

InCommon continues to partner with the NIH to drive forward InCommon’s ability to adapt to emerging requirements around “levels of assurance” in inter-organization access management. The InCommon Community Trust and Assurance Board (CTAB), has launched a working group to address some of these challenges and questions.

The InCommon Community Trust and Assurance Board continues to support a regularly occurring tabletop exercise to support the international SIRTFI requirements in inter-federation security response capabilities. Another exercise is being organized for autumn of 2024 .

Original Priorities Identified Before October 2024:
When InCommon was founded in 2004, identity and access management and trust federations were a brave new world. The thought leaders at Internet2 and in the community were cutting into new territories in technical, business, and policy directions. Over the ensuing years, other industries emerged from their IAM slumber, and governments got into the business of funding ideas and eventually establishing standards for security, privacy, and trustworthiness.

In the earliest days of these activities, a small number of global thought leaders convened as the Middleware Architecture Council for Education (MACE). Tracking industry and government sensibilities around trust, security and privacy was largely done at MACE, in a complicated but much smaller landscape than we encounter today. Tracking such trends is of paramount importance to ensure that the directions and efficacies of our jointly developed solutions are on the mark. For some years, Internet2 and community leaders became consumed with the implementation of their original directions. We now need to return to not only tracking government and industry trends but also influencing them in coordinated ways, globally.

Recently, the domestic and global trust and identity communities have found their old muscles of tracking and influence. Recent and upcoming changes to the web browser ecosystems designed to improve privacy for consumers and citizens could have deleterious effects on global R&E federations and how they interact with one another.
- The InCommon Technical Advisory Committee and Internet2 and InCommon staff have participated with colleagues globally to positively affect the emerging practices of the major browser vendors (Google, Mozilla, and Apple).
- The National Institute of Standards and Technologies (NIST) is currently in a request for comment on updates to the NIST 800-63 “Digital Identity Guidelines” framework.
- The Community Architecture Committee for Trust and Identity (CACTI) gathered requirements from community leaders to present aligned responses to this call, specifically to 800-63C “Digital Identity Guidelines – Federation and Assertions.”
This coordination of influence has had an impact on the work of the Community Trust and Assurance Board (CTAB), the community body responsible for curating InCommon’s Baseline Expectations Program. CTAB and CACTI work in complementary ways to help incorporate emerging standards of trust into InCommon practices. This adoption is of critical importance to an InCommon participant such as NIH which is held to high standards for security and privacy.

Status: The technical advisory committees for InCommon (Technical Advisory Committee, Community Trust and Assurance Board, Community Architecture Community for Trust and Identity) will continue to track emerging commercial and government standards and practices.

Internet2 Continues to Process Feedback, Develop Initiatives

Internet2 will continue to evaluate the rapid pace of change in technology and innovation to ensure we include processes to regularly reassess individual initiatives for relevancy considering broader changes to the research and education landscape. Additionally, Internet2 will utilize the 2024 established working group on innovation and transformation, chaired by community members. This working group will be a vehicle to assess new issues that emerge over time.

Thank You

Internet2 would like to thank all who participated in this effort and provided us with such rich feedback on Internet2’s Future Roadmap. We believe we have developed a strong cohesive plan that will support the needs of the community for the coming years. While some of the initiatives are, or have been, underway, others will just be starting and may require further discussion and collaboration as they develop. As always, we look forward to working with you together on these initiatives, and we will provide regular updates on the plans as we progress and move forward.

Back to the Internet2 Roadmap

Featured Services

NET+ Cloud Services

Network Services

InCommon Services

Infrastructure and Services

Update: October 2024

Other Roadmap Priority Updates

Internet2 Continues to Process Feedback, Develop Initiatives

Thank You