Provide access to information and resources important to the R&E community via intuitive, robust, secure, intelligent, and ubiquitous infrastructure and services.
Internet2 Roadmap Priorities
Infrastructure and Services
Internet2 received valuable input during the initial phases of the Internet2 Roadmap, and is presenting feedback to community leaders and advisory groups.
Within the Infrastructure and Services priorities, it was expressed that Internet2 should work to develop:
- As the number and types of Internet2 services and offerings have significantly increased in the past decade and because they also provide value to a more diverse set of stakeholders, the Community Engagement (CE) division will lead an effort to identify key stakeholders (and groups) and work to prioritize these and their needs while also developing approaches that make it easier for these prioritized groups to have the information they need in an easier fashion through Internet2’s digital communications.
- Community Engagement will work to refine the Internet2 Service Catalog on the Internet2 website to make it easier to understand the service and solution offerings, the value proposition and business need, and the eligibility requirements to access or acquire the service/solution.
- CE will lead the development of improved and refined UX/UI on both the Internet2 and InCommon websites so the community can easily navigate and access available services and solutions.
- CE will help create and guide the user journey to help discover information across all Internet2 web-based platforms (e.g., legal, procurement, C-suite, technical, etc.).
- CE will create and maintain a matrix of Internet2 services, solutions, benefits, and value that articulates the ability of all stakeholders to leverage those benefits based on relationship (member type, non-member by type – higher ed, K-12, etc.).
- Community Engagement will continue to engage and inform the community with messaging in ways that acknowledge and target the different stakeholders on services, solutions, and engagement opportunities in a manner that resonates with their business needs.
- CE will develop approaches that are not complicated for the stakeholders as prioritized.
- CE will also consult at least twice a year with key stakeholder groups to create feedback mechanisms designed to continuously improve our communications, digital experience, and engagement channels.
- Upgrade and automate the network: Expand RPI to all seven peering locations, scale and expand backbone capacity in a sustainable manner, and expose core network API for dynamic science applications.
- Flexibility Enhancements: Expand Insight Console and NS API support to include the full platform, including international exchange points.
- Research 5G/6G Integration: Engage the community on 5G and DAS technologies, train staff on current developments.
- Explore AI-driven Network Management: Engage the community on AI analytics and consider augmenting staffing.
- Improve BGP routing: Support BGP by improving routing information accuracy, aligning with best practices, and leveraging the Insight Console for self-service.
- Promote Routing Integrity: Improve routing security for the R&E community by promoting Routing Integrity Core Practices and publishing a scorecard.
- Support RPKI Adoption: Emphasize RPKI’s importance for route hijack detection and mitigation, aligning services with community needs.
In 2009, Internet2 community leaders gathered to develop “The InCommon Futures Report.” This report was submitted to Internet2 and its board as a set of recommendations to ensure InCommon’s growth and adaptation at a critical juncture in its development. At the time, InCommon was serving about 100 institutions. Most of the recommendations of that report were prioritized and InCommon is now serving more than 1,000 institutions and organizations.
Over the last 20+ years, the United States higher education community has collaborated to design and build an infrastructure, build and curate tools, and develop a community of identity and access management (IAM) professionals through events and training for the purposes of enabling extra-institutional access to data workflows to support global collaboration — in secure and privacy preserving ways — in the support of research, learning, and campus life. The locus of these activities has been the InCommon community.
During several periods over these 20 or so years, there has been a confluence of dynamics that have compelled the community to conduct an assessment of its capabilities and determine future directions. During each of those periods, non-disruptive and mostly subtle adjustments were made to accommodate the changing dynamics. In 2023, there is ample evidence for needing another moment of reflection and assessment. In fact, it can be safely said that the dozens of technical and executive thought leaders in and around InCommon are rapidly coming to the conclusion that this time is different, that potentially disruptive and more than subtle adjustments to direction are needed and needed soon.
A foundational premise for all services and capabilities developed by InCommon — the organization and the community — is that InCommon (the organization) performs the functions that are best done together or can only be done together. To continue to enable global collaboration and operational efficiency that meets and anticipates the needs of United States higher education, our community must examine the current and desired future states of InCommon infrastructure, tools, training, and advocacy.
As InCommon enters a new era of opportunity in an ever-changing environment, the InCommon Steering Committee in conjunction with InCommon management is beginning a planning initiative (“Futures2”) to develop a plan of outcomes that will shape its strategies to ensure its relevance in the next five years and that are structured to meet the evolving trust and identity (T&I) and R&E landscape and competitive challenges.
Status: The InCommon “Futures2” work is in progress and scheduled to be completed by 1 Feb 2024. A commercial planning partner, SecondMuse, has been secured to assist. There has been a broad community survey, 1:1 interviews, roundtables, and meetings with all of the various advisory bodies in the Trust and Identity Services ecosystem of advising. Ongoing monitoring and stewardship of the project is being conducted by the InCommon Steering Committee and InCommon/Internet2 staff.
- Expand Cloud Analytics and Monitoring: Leverage both internal and commercial toolsets to better monitor both platform and cloud application performance; proactively detect changes in performance levels.
- Enhance International Connectivity, including NA-REX: Upgrade Internet2 global exchange points to 400 Gbps native. Complete dedicated NA-REX infrastructure, unified instrumentation, and participate in architecture co-development activities for domestic exchange points. Boost participation in global architecture development.
- Promote Routing Integrity: Boost the R&E community’s protections by promoting Routing Integrity Core Practices and tracking progress via a scorecard.
- Emphasize RPKI: Highlight RPKI’s role in route hijack detection and mitigation, aligning services with community needs.
The NET+ program and Internet2’s overall cloud programs are evolving from efforts to support cloud access to cloud optimization and scaling. Internet2’s efforts to support the R&E community’s use of essential cloud services focus on four key areas:
- Facilitating access to commercial cloud services (NET+)
- Training and workforce development (Cloud Learning and Skills Sessions (CLASS))
- Cloud service insights (Cloud Scorecard, Institutional Profiles)
- Vendor management at community scale (NET+)
Over the past several years, Internet2 has made meaningful investments in the first two areas and jumpstarted internal and community efforts in the third and fourth areas. Understandably, all four of these areas are interrelated and are key to supporting efforts to improve and scale the use of essential cloud services.
Internet2 will continue to work with the community to invest in a NET+ portfolio of services, with a focus on services that represent emerging technical needs for the community (e.g., cloud storage migration services; governance, risk and compliance (GRC) services) or services where there is a challenge with a market incumbent that necessitates the community coming together to engage in collective negotiation (e.g., Google Workspace). Current emerging areas include cybersecurity services, vendor risk management/GRC services, and data migration services. In these emerging areas, Internet2 would be best served by leveraging competitive procurement processes to identify potential NET+ service providers to support the future adoption of the services by as many institutions in the R&E community as possible.
Because many, if not most, R&E consortial organizations are engaging in the facilitation or brokerage of cloud services, Internet2 should continue to focus on the areas where it is uniquely situated to provide value-add while other community organizations can support access to commodity services.
Cloud technologies continue to change and advance at a rapid pace. For example, AWS released a total of 119 new services and features in 2022. Keeping up with the latest technical advancements is difficult for information technology staff. This problem is compounded by the significant turnover at R&E institutions of staff who are experienced and skilled in cloud infrastructure and architecture as a result of the “great resignation.”
The Internet2 CLASS program was originally designed to address the gap in training that existed for researchers and research computing and data (RCD) professionals. The CLASS program continues to serve this purpose by providing custom training for the research community and has expanded to support the training needs of enterprise IT as well. This primarily has consisted of cohort-based training programs designed around certification programs for some of the leading Infrastructure as a Service (IaaS) providers. These training courses remain popular. For example, the AWS Solution Architect Associate training has maintained a waitlist since it was originally offered in early 2022 and is currently in its fifth cohort. Many of these enterprise-focused trainings are already provided for free by the cloud service providers themselves. The CLASS programs provide value add by convening an R&E cohort with an instructor/mentor from the community. This builds a sense of community during and after the training. A major challenge in moving cloud training forward is the need for two very different business models, one for serving research needs and one for serving enterprise needs.
The CLASS program funding model today is dependent on per-course payments to Internet2 and in-kind contributions from the cloud service providers and/or their channel partners. Further work should be done to validate the long-term sustainability of this model or explore other models to meet the ongoing needs of the community in this area.
Both the Cloud Scorecard and Institutional Profiles efforts within the Internet2 NET+ program center around how we collect and expose data about cloud services' compliance with standards and usage to participating institutions to use as insights to make better-informed decisions. Development of these platforms is essential to move community sharing from email lists and conversations into actionable insights. This becomes more essential as higher education leadership changes and we seek to be more inclusive as a community. Further, Internet2 collects data related to NET+ services that can be made available to subscribers to support individual organizations and broader community efforts.
The Cloud Scorecard Directory is currently a pilot project to provide a way for R&E institutions to review a completed Cloud Scorecard. Internet2 is currently engaged in an effort to identify a platform for the Cloud Scorecard to serve as a permanent home as the effort moves beyond the pilot phase. The long-term goal is to create a cloud service discovery platform that allows R&E institutions to quickly access vendors’ support for technology and compliance standards while supporting the discovery of services that meet those requirements.
The Institutional Profiles collect and share usage information like software release version, add-on services, integrations, service administration name and contact information, and other data about services. These opt-in profiles are available in pilots of NET+ Canvas and NET+ ServiceNow today. A different version of service benchmarking is in place today for NET+ IaaS services, AWS and Google Cloud Platform (GCP), to provide institutions insights into service usage and other information based on usage data Internet2 receives from the service providers’ channel partners. Both of these efforts have been well received and are areas of investment in future years.
Vendor management has already been at the core of the NET+ program and is essential to the management of commercial cloud services. As more organizations in the R&E community rely upon commercial cloud services for key technology solutions, a focus on vendor management will be even more essential. Vendor management is critical to sustaining cost-effective IT operations with the growth in venture-backed, privately held corporations focused on growth and publicly traded corporations focused on profitability.
Vendor management of cloud services has already been identified through the work of the NET+ Business, Procurement and Legal Advisory Committee (BPLAC) as a priority area for the Internet2 NET+ and an area for increased engagement across the R&E community. As part of efforts in this area, there is currently a vendor management working group developing best practices for the community as well as identifying ways to integrate the best practices into the NET+ program to support national scale vendor management efforts.
Status: All directions and initiatives are in motion. Ongoing advice and tracking are happening with the NET+ Program Advisory Group (PAG), Cloud Services, Technology, and Architecture Advisory Committee (CSTAAS), and Business, Procurement and Legal Advisory Committee (BPLAC).
Internet2 operates the United States node for the global eduroam roaming Wi-Fi network for R&E. eduroam is available in more than 100 countries, including more than 1,000 universities and non-profits in the United States. Individuals use their campus credentials to use the service. In 2022, the United States eduroam community grew the number of United States service locations to 2,958, the second largest number of service locations in any country in the world.
The eduroam Support Organization (eSO) Program is creating a new explosion of eduroam adoption beyond higher education campuses. Working with state and regional networking organizations, Internet2 has expanded the reach of eduroam in Utah, Nebraska, Arizona, Oregon, and Connecticut. More recently, the states of Washington and Nevada have entered the onramp for becoming an eSO. Internet2 will continue to develop and expand eduroam through the eSO.
Via the leadership of the eduroam Advisory Committee, Internet2 will also continue to improve interoperability, ease of installation, and various aspects of security of the platform.
When InCommon was founded in 2004, identity and access management and trust federations were a brave new world. The thought leaders at Internet2 and in the community were cutting into new territories in technical, business, and policy directions. Over the ensuing years, other industries emerged from their IAM slumber, and governments got into the business of funding ideas and eventually establishing standards for security, privacy, and trustworthiness.
In the earliest days of these activities, a small number of global thought leaders convened as the Middleware Architecture Council for Education (MACE). Tracking industry and government sensibilities around trust, security and privacy was largely done at MACE, in a complicated but much smaller landscape than we encounter today. Tracking such trends is of paramount importance to ensure that the directions and efficacies of our jointly developed solutions are on the mark. For some years, Internet2 and community leaders became consumed with the implementation of their original directions. We now need to return to not only tracking government and industry trends but also influencing them in coordinated ways, globally.
Recently, the domestic and global trust and identity communities have found their old muscles of tracking and influence. Recent and upcoming changes to the web browser ecosystems designed to improve privacy for consumers and citizens could have deleterious effects on global R&E federations and how they interact with one another.
- The InCommon Technical Advisory Committee and Internet2 and InCommon staff have participated with colleagues globally to positively affect the emerging practices of the major browser vendors (Google, Mozilla, and Apple).
- The National Institute of Standards and Technology (NIST) currently has a request for comment open on updates to the NIST 800-63 “Digital Identity Guidelines” framework.
- The Community Architecture Committee for Trust and Identity (CACTI) gathered requirements from community leaders to present aligned responses to this call, specifically to 800-63C “Digital Identity Guidelines – Federation and Assertions.”
This coordination of influence has had an impact on the work of the Community Trust and Assurance Board (CTAB), the community body responsible for curating InCommon’s Baseline Expectations Program. CTAB and CACTI work in complementary ways to help incorporate emerging standards of trust into InCommon practices. This adoption is of critical importance to an InCommon participant such as NIH, which is held to high standards for security and privacy.
Status: The technical advisory committees for InCommon (Technical Advisory Committee, Community Trust and Assurance Board, Community Architecture Committee for Trust and Identity) will continue to track emerging commercial and government standards and practices.
Internet2 Continues to Process Feedback, Develop Initiatives
Internet2 will continue to evaluate the rapid pace of change in technology and innovation to ensure we include processes to regularly reassess individual initiatives for relevancy considering broader changes to the research and education landscape. Additionally, Internet2 will utilize the working group on innovation and transformation established in 2024 and chaired by community members. This working group will be a vehicle to assess new issues that emerge over time.
Internet2 would like to thank all who participated in this effort and provided us with such rich feedback on Internet2’s Future Roadmap. We believe we have developed a strong cohesive plan that will support the needs of the community for the coming years. While some of the initiatives are, or have been, underway, others will just be starting and may require further discussion and collaboration as they develop. As always, we look forward to working with you together on these initiatives, and we will provide regular updates on the plans as we progress and move forward.