Network
The Science Network X-WIN

© DFN
Figure 1:There are about 70 core network sites of X-WiN distributed throughout Germany. The sites are primarily located in the computing centres of universities and research facilities. Some core network sites are accommodated in co-location facilities. DFN-Verein operates at each core network site DWDM-systems, which are interconnected via the optical platform, and IP-routers, that employ the optical platform to connect to the router platform for IP-packet switching. DFN-Verein organizes the core network sites in its own responsibility. This complete control provides unlimited co-location with service-providers and direct access to the complete scope of functionality of the DWDM-systems as well as the IP-routers. DFN-Verein continuously extends the core network sites according to its users' demand.
© DFN
DFN – Deutsches Forschungsnetz – is Germany`s National Research and Education Network. It provides a high-performance infrastructure for the German Research and Education Community. DFN connects universities and research institutions and supports the development of innovative applications. Since 2006 the national backbone of DFN is the X-WiN.
Being connected to the European Backbone GÉANT, X-WiN is an integral part of the worldwide community of research and education networks. Based on contracts and peering agreements X-WiN is connected to the Global Internet as well. The X-WiN is operated by the DFN-Verein (Verein zur Förderung eines Deutschen Forschungsnetzes e.V.) which guarantees its further use and development. DFN-Verein is a non-profit association established by research, development and education sector in Germany to promote computer-based communication and information services.
The X-WIN knot
The four Max Planck Institutes in Heidelberg
are commonly connected to the X-WIN of the DFN (German Research Network, Deutsches Forschungsnetz). For the Dial-in from outside, VPN and - amongst others - the RAS (Remote Access) service is at disposal.
Firewall
As Firewall solution, a HA (High Availability) Cluster consisting of two Firewall appliances is in use at the MPImF; therewith - besides the common firewalling functions - the following services and solutions are realized:
- VPN (Virtual Private Network)
- DMZ (Demilitarized Zone)
- Router for virtual Networks (VLAN's), e. g. for the WLAN Service
- Router for the external Internet connection
- Antispam and Antivirus Filtering for incoming and outgoing email traffic
In addition to the HA Cluster, the Network of the MPImF is secured by a second Firewall installed directly at the GWIN receiving point at the MPI for International Law; amongst others, this Firewall is blocking access to certain Network segments and computer groups.
External Filtering of incoming Emails at the GWDG Göttingen
Before emails sent to the domain ("...@mpimf-heidelberg.mpg.de") reach the internal Firewall, they are scanned for viruses, worms etc. and checked if they are spam; if an email is identified as spam, it will be flagged accordingly and forwarded to the MPImF. Here, all emails flagged as spam are moved to a special mailfolder called "Spam Flag" of the recipient. This folder will be emptied automatically after 30 days.
The Institute's LAN
The core network of the institute is implemented via a 40GBit/s ethernet backbone. All servers are connected with Gigabit or TenGigbait to the Backbone; the wiring of the workstations to the department- and floor distributors is copper-based (100/1000Base-T).
PoE and PoE+ is supported in some parts if the institute.
Distributed Computing
With the high-speed connection of the LAN, it is possible to handle exchanges of large data files in reasonable speed for the joined project of distributed analysis of confocal LSM images (Dr. Günter Giese). It allows supporting a homogeneous solution for CLSM deconvolution, image analysis, 3D visualization and colocalisation analysis.
Wireless Local Area Network (WLAN)
At the Institute, Radio Networks (Wireless Local Area Network, Wireless LAN, WLAN) are at disposal. Supported Protocols (Radio Policies) are 802.11a, b and g. Protection and authentification work according to the 802.1X standard.