Notable Quotes

Quantum Dot Lab was awesome! … › more

Ryan Andrews Ryan Andrews Chippewa Valley Technical College has made an enormous impact on how my group members do calculations … › more

Vladimir Bulović Vladimir Bulović Professor of Electrical Engineering, MacVicar Fellow, MIT eliminates the need for purchasing or installing software and allows short course participants to use it without complications.

Katsuyo Thornton Katsuyo Thornton Associate Professor of Materials Science and Engineering, University of Michigan (2012)

When I went back to campus after attending a workshop, I had one or two different assignments to try out right away with my students.

Tanya Faltens Tanya Faltens Lecturer, California State Polytechnic University, Pomona (2012)

During the time I performed the study for the manuscript "Engineering the Plasmon Resonance of Large Area Bimetallic Nanoparticle Films by Laser Nano … › more

Michail J. Beliatis Michail J. Beliatis Advanced Technology Institute, Nanoelectronics Centre, University of Surrey, UK (2012)

I was designing a drift-diffusion simulation to try and match with our experimental semiconductor data, but was finding it difficult to locate publish … › more

Paul Giedraitis Paul Giedraitis Graduate Student, Northwestern University

NanoHUB was incredibly helpful with providing both online simulator tools as well as documentation about the actual algorithms involved. The informat … › more

Paul Giedraitis Paul Giedraitis Graduate Student, Northwestern University

The ability to run a web based version of complex simulations is an amazing feature of nanoHUB.

Paul Giedraitis Paul Giedraitis Graduate Student, Northwestern University

There is no other resource like

Paul Giedraitis Paul Giedraitis Graduate Student, Northwestern University makes very complex simulations manageable and easy to understand.

Paul Giedraitis Paul Giedraitis Graduate Student, Northwestern University

I have found to be incredibly useful in my work.

Paul Giedraitis Paul Giedraitis Graduate Student, Northwestern University

I thought I would send you a note to let you know how useful and important has been to me and students in my Nanotechnology and Materials Chemistry course at the City University of New York (CUNY) … › more

Dan Akins Dan Akins City University New York (2008), now with significant worldwide impact, is a leading exemplar of the power of science gateways … › more

Daniel E. Atkins Daniel E. Atkins Director, Office of Cyberinfrastructure, National Science Foundation (2008)

nanoFET Lab enabled a rapid exploration for a potential patent concept … › more

R. Christopher Bowen R. Christopher Bowen Senior Member, Technical Staff, Texas Instruments (2008)

In my research, I use the facilities to obtain a better understanding of the properties of nanoelectronic devices and to predict the behavior and performance of future devices. The different online simulation tools together with the online seminar and lecture notes make nanoHUB truly unique … › more

Bart Sorée Bart Sorée IMEC, Interuniversitary Microelectronics Center, Belgium (2008) has proven itself to be an extremely valuable tool for education and research … › more

H. S. Philip Wong H. S. Philip Wong Center for Integrated Systems, Stanford University (2008)

Focusing on the immediate needs of researchers, educators, and students in nanotechnology, NCN and have pioneered methods that have allowed thousands of users to benefit from advanced simulation tools … › more

Ian Foster Ian Foster Director, Computation Institute, University of Chicago, and Argonne National Labs (2008) tremendously promotes the knowledge distribution in technology and IC design communities. It creates a platform to train students with key knowledge for future semiconductor industry.

Yu Cao Yu Cao Arizona State University (2008)

Personally, I'm a huge fan of To me, it is a place of great resources. I use it regularly. I believe it can be useful to every level of student and researcher - from beginning undergraduate students to the more experienced researchers … › more

Ferdows Zahid Ferdows Zahid McGill University, Canada (2008)

It is my experience that, having these tools available on the site, the teaching experience is more productive in passing information to the students … › more

David Ferry David Ferry Professor, Electrial and Computer Engineering, Arizona State University (2008)

Between 1999 and 2005, while pursuing my PhD research at Purdue, I was closely involved with nanoHUB played a crucial role in my past education and research. It allowed me to access the cutting edge nanoscale device simulators online … › more

Anisur Rahman Anisur Rahman Intel Corporation (2008)

While PETE doesn't do anything that cannot be achieved by using different modeling codes, it is an extremely convenient and fast tool. I used it to study hypothetical devices and their effect on circuits. My approach was as follows … › more

Zoran Krivokapic Zoran Krivokapic GLOBALFOUNDRIES (2009)

With so many wonderful resources, shortens the learning curve. I am impressed with its speed.

Sansiri Tanachutiwat Sansiri Tanachutiwat PhD candidate, University of Albany (2010)’s tools are so user friendly. nanoHUB is of immense help for student researchers.

Indranil Bhattacharya Indranil Bhattacharya Graduate student, Florida State University (2010)

All of the tools on are easy to use, amazingly comprehensive, and accurate.

Onur Ates Onur Ates Graduate student, Arizona State University (2010) provides easy access to many wonderful resources.

Sansiri Tanachutiwat Sansiri Tanachutiwat PhD candidate, University of Albany (2010)

The oxidation module was very easy to use. After plugging in the parameters, it gave a nice visual reference of the rate of oxidation.

Kenneth Kafer Kenneth Kafer Undergraduate student, Chippewa Valley Technical College (2010) is one of the strongest sources of information I have found for my education in nanoscience, particularly in the area of electron transport.

Vihar Georgiev Vihar Georgiev PhD student, University of Oxford, UK (2010)

I used the bandstructure tool in my analysis of the effects of uniaxial strain on silicon tunnel diodes. It was very impressive.

Jamie Teherani Jamie Teherani PhD student, Massachusetts Institute of Technology (2010)

Nanotechnology changes so fast, but allows me to stay current on new developments.

John Bean John Bean Professor, Electrical and Computer Engineering, University of Virginia (2010) shows that there are more potential solutions than there are problems.

Jack Uldrich Jack Uldrich Futurist and author (2010) enables a well-developed workforce to generate economic opportunity … › more

Bruce Barker Bruce Barker President, Chippewa Valley Technical College (2010)

Using’s online presentation or simulation tools allows you to test your ideas and check your processes. It’s very easy to use.

Hans Mikelson Hans Mikelson Nanoscience Instructor, Chippewa Valley Technical College (2010)

Once inspiration is sparked, you have to get your ideas down quickly and validate them. helps do that. You’re using models to demonstrate that an idea has merit and could work.

Steven Campell Steven Campell Professor, Electrical and Computer Engineering, and Director of the Nanofabrication Center, Universi transforms the way students learn about electronic properties of materials.

Tanya Faltens Tanya Faltens Professor, California State Polytechnic University, Pomona (2010)

The material on is technically robust and well documented. Any questions are quickly addressed. … › more

Deb Newberry Deb Newberry Professor, Dakota County Technical College, and Director, Nano-Link (2010)

I've spent a lot of time with the recorded classes available on I'm excited about what else I will find … › more

LTJG Pete Hudson LTJG Pete Hudson U.S. Naval Aviator, aerospace engineering graduate, Auburn University (2010)

From its online collaboration and education, to its freely available computing power, delivers! … › more

Dan Wolff Dan Wolff Senior, mechanical engineering, University of Illinois at Urbana-Champaign (2010) helps me understand measured data better … › more

Robert Wortman Robert Wortman PhD student, electrical and computer engineering, Purdue University (2010)

I use’s forced protein unfolding tool. It’s knowledge that I can apply to my future. … › more

Zach Flohr Zach Flohr Undergraduate student, biomedical engineering, Purdue University (2010)

I appreciate the impact has had on our growing nanocurriculum at Southern Illinois University at Carbondale.

Glafkos Galanos Glafkos Galanos Professor and Chair, Department of Electrical and Computer Engineering, Southern Illinois University saves you time by keeping you from duplicating work that has been done before.

Camila Cardosa Zies Camila Cardosa Zies PhD student, mechanical engineering, Rice University (2010) gives me the freedom to think and to check my work against others.

Matt Swanson Matt Swanson Undergraduate student, electrical engineering, Purdue University (2010)

As a postdoc, I appreciate very much; I learn something new every time I log on … › more

Hui Xu Hui Xu Postdoctoral student, University of Texas at Austin (2010) allows us to investigate new and exciting physical phenomena that will change how we live. … › more

Dmitri Nikinov Dmitri Nikinov Project Manager, Strategic Research Group, Intel Corporation, Researcher in Residence at NCN (2010)

The contribution of’s resources to undergraduate and graduate students is significant.

Stella Quiñones Stella Quiñones Assistant Professor, Electrical and Computer Engineering, University of Texas at El Paso (2010)

There is no such thing as a dull moment when you’re using … › more

Jose Valdez Jose Valdez Undergraduate student, electrical engineering, University of Texas at El Paso (2010)

My students thoroughly enjoy the nanoelectronics course material along with online MolCToy simulations. This is all thanks to

Peter Osterberg Peter Osterberg Associate Professor, Electrical Engineering, University of Portland (2010)

I believe that will always be a pathway into nanotechnology for every young researcher in this field.

Munkhbaatar Nyam-Osor Munkhbaatar Nyam-Osor National University of Mongolia (2010)

Prior to, it took too long before students were working with the semiconductor physics rather than the mechanics of the interface … › more

Carl-Mikael Zetterling Carl-Mikael Zetterling Professor, Royal Institute of Technology, Sweden (2010)

Through, I was able to learn more about nonlinear optics and hyperlenses. … › more

Daniel Nizeyumukiza Daniel Nizeyumukiza Senior, Oklahoma Christian University (2010) has absolutely had a very positive impact upon my career. It allowed me to build a new nanoelectronic curriculum based on nanoHUB simulation tools. Students have responded very positively.

Shaikh Ahmed Shaikh Ahmed Associate Professor, Southern Illinois University, Carbondale (2010)

I finally understood what baffled me as an undergrad almost 24 years ago. Thank you. … › more

Jaimin Mehta Jaimin Mehta Principal, Transformatics Group (2010)'s presentation offers an important insight about the true nature of quantum dots as a potential confinement of electrons … › more

Khaled El-Kinawi Khaled El-Kinawi Graduate student, American University of Cairo (2010)

I learned something that was absolutely fascinating.

Shihan Sajeed Shihan Sajeed Lecturer, Department of Applied Physics, University of Dhaka, Bangladesh (2010)

Nanosphere Optics Lab allows my students to gain a better understanding of the ideas behind the experiments we conduct.

Leanna Giancarlo Leanna Giancarlo Associate Professor, University of Mary Washington (2010)

I really like; it's a very nice resource to use. If I need to use one of the programs, I can just open it up and use it. There's no need to spend time downloading … › more

Charlie Solvason Charlie Solvason PhD candidate, Auburn University (2011) allows my students to successfully move through content that is truly engaging. They're not just flipping through pages in a book … › more

Robert D. Cormia Robert D. Cormia Engineering/Nanoscience Instructor, Foothill College (2011)

In just one hour, a lecture on helped me understand how percolation works on semiconductive polymer blends. I’m really excited about finding all this information on the Internet in such an easy-to-grasp way! … › more

Julio Costilla Julio Costilla Undergraduate student, Universidad Autónoma de Nuevo León, Mexico (2011)

After taking the Rappture workshops, I went back and looked at the slides and examples on There was a lot of support.

Marcela Meza Marcela Meza Graduate student, University of Texas at El Paso (2011)

The level of projects varies considerably on You can come in early in your studies, not knowing a lot, or you can come in later and find useful resources.

Victoria Savikhin Victoria Savikhin Senior, Purdue University (2011)

I saw that once a tool was finished, and it worked, other people immediately began using it. It’s awesome. It’s worth everything you go through to get to the completion of the project … › more

Matteo Mannino Matteo Mannino AI and Computer Vision Research Engineer, Toyota Technical Center (2011) is definitely a very important resource for research students. nanoHUB is world recognized. Its impact is global. Two weeks ago, I was in Switzerland giving an invited talk on the first inversion-mode gate-all-around III-V MOSFETs paper, and a graduate student c … › more

Peide Ye Peide Ye Professor of Electrical and Computer Engineering, Purdue University (2012)

The AFM fundamentals course on is the best online course I've taken. The lecturers are great. They really give a picture of the whole story without being boring … › more

Itai Schlesinger Itai Schlesinger Undergraduate student, Technion - Israel Institute of Technology (2012) represents a new paradigm in science education: using grid computing resources and easy-to-use Web interfaces to catalyze the development of a global, virtual community of practice.

Marilyn M. Lombardi Marilyn M. Lombardi Associate Professor and Director, Center of Nursing Collaboration, Entrepreneurship, and Technology,

Questions and answers sections provided me with more than answers. They really got me interested in researching better.

David A. Saenz David A. Saenz Purdue University (2012)

I really got hooked on nanoHUB when I realized I could learn far more information about nano science by listening to the lectures than reading a course text. … › more

Quincy Williams Quincy Williams PhD student, materials science and engineering, Norfolk State University (2012)

Without nanoHUB, it would be very difficult—if not impossible—to prepare good lab exercises about nanoelectronics for my undergraduate courses. With nanoHUB, I can use a virtual lab with plenty of pieces of information very useful for students. In addition to broadening their knowledge about the contents given in the classroom, students become very well motivated and interested in the course. … › more

José M. de la Rosa José M. de la Rosa Associate Professor of Electronics and Electromagnetism, University of Seville, Spain (2012)

I’ve been viewing the lectures on to learn enough device physics to fill in the gaps for the things I don’t understand in the technical papers I read. I don’t know where else I would find access to this kind of information, and the open access makes it very affordable for small business … › more

Jay Morreale Jay Morreale p-brane LLC (2012)

Not long ago, I was considering one of the most important decisions in a scientist's life — a PhD research field. After initial inquiry, I decided to take Prof. Vladimir Shalaev's online course in nanophotonics. The lectures provided me the inspiration to choose plasmonics as my main research field, with the ultimate target of using SPP as information carriers in deep nanoscale. Now, 18 months later, I have a well established, high quality research plan and great passion to do it all with plasmonics — sensing, waveguiding, data processing, energy and even medical applications … › more

Moshik Cohen Moshik Cohen PhD student (2012)

I used the From Atoms to Materials course to remind me of certain basic physics at the atomic level about materials. This course concentrated on molecules and crystals. The recommended nanoHUB simulations on density functional theory and molecular dynamics were easy and … › more

Andrew George Kulchar Andrew George Kulchar Bluefield State College

We have used nanoHUB.ORG as a platform to present our research and educational outreach activities to a wider audience. The support staff is very helpful and the whole process of uploading and sharing the data files (including multimedia files) is very convenient. I am … › more

Gurpreet Singh Gurpreet Singh Kansas State University

The most attractive feature about nanoHUB is that I did not have to take the time to develop the user interface. Without this feature, tool development would have been impossible.

Dr. Lasse Jensen Dr. Lasse Jensen Associate Professor of Chemistry, Penn State University

In the development of Valparaiso's nanoK12 laboratory, was an incredible resource. … › more

Dr. Mark Budnik Dr. Mark Budnik Paul and Cleo Brandt Professorship, Director, nanoK12 Laboratory, Chair, Dept. of Electrical and Co

I plan on using nanoHUB in my classroom to continue developing and adding extensions to the existing tool “Extinction, Scattering and Absorption Efficiencies of Single and Multilayer Nanoparticles”, as well as develop new tools with my graduate students.

Dr. Lasse Jensen Dr. Lasse Jensen Associate Professor of Chemistry, Penn State University

The nanoHUB platform eliminates the need for the developer to create and maintain code and installation guidelines. This time saving feature is immeasurable for productivity and development.

Dr. Lasse Jensen Dr. Lasse Jensen Associate Professor of Chemistry, Penn State University

I use as a way to further engage my students in nanotechnology.

Dr. Mark Budnik Dr. Mark Budnik Paul and Cleo Brandt Professorship, Director, nanoK12 Laboratory, Chair, Dept. of Electrical and Com

My research in magnetic nanowires is mostly experimental, but I've wanted to simulate their magnetization reversal for years. There are always more pressing things to do. Then, I heard that OOMMF was launched on nanoHUB.  I checked out the tutorial while waiting to meet our weekly colloquium speaker.  In that 10min, I had my first simulation done. ... ... … › more

Beth Stadler Beth Stadler University of Minnesota

By using nanoHUB tools, I have quickly come up with ideas to build my own input files for molecular dynamics simulations, with confidence that what I was doing was correct … › more

Danilo Branco Danilo Branco Purdue University

PUNCH: Purdue University Network Computing Hub

Developed at:Purdue University
Retired:April, 2007
Usage:4600 users, 395,000 simulations

PUNCH began as a project to create an Internet computing platform that would provide a distributed computing portal on the early World Wide Web. Applications could be installed "as is" with simple web form interfaces for uploading and editing input files, running the application in a batch mode, and then retrieving, viewing, or post-processing output files, or applications could have more elaborate web interfaces constructed within PUNCH to activate an infinite variety of different application flags or preprocessors and postprocessors automatically. Later versions of PUNCH added virtual filesystem support to execution nodes, support for VNC-based graphical, interactive application use, and even began linking to Condor and Globus submission. PUNCH was designed to allow users access to complex software packages without suffering through difficult installation processes or familiarizing themselves with arcane commands.

Early implementations of PUNCH focused on scientific simulation applications for three different disciplines: Computational Electronics (CE Hub), Computer Architecture Research and Education (NETCARE), and Electronic Design Automation (EDA Hub). Of these, the Computational Electronics Hub was the most successful, first brought online in 1996, and a few years later it was transformed into a hub more specialized on Nanotechnology, becoming the first incarnation of "nanoHUB".


The architecture of a PUNCH system consisted of a web server and one or more backend execution nodes where applications were run. In the PUNCH environment, all users' operations ran in the context of captive shadow accounts. The applications provided in this environment were necessarily highly restrictive so that an individual user could not exploit flexibilities in the software to either run arbitrary commands or access other users' files.

Later developments for PUNCH included support for graphical, interactive sessions via VNC, with connections made directly to the applications running on the backend systems. In order to enable this, a virtual filesystem subsystem was also developed to export user home directories to remote execution hosts. The job-scheduler was broken out into a distinct subsystem, and some primitive load balancing was done there to improve the overall efficiency of PUNCH jobs. Early testing on integrating Condor and Globus submission was complete by 2001.

Although it was a significant achievement for its time, PUNCH suffered from a number of shortcomings. First, it required a specialized web server in order to work, and the operations of PUNCH were integrated into its own HTTP 1.0 server. Because of this, modern features of Apache could not be fully utilized, and active development of the HTTP server portions of PUNCH fell behind. Also, PUNCH was designed in a research project environment and robustness, reliability, and maintainability of the codebase was not a high priority. Over time, this led to a great deal of maintenance necessary to ensure proper operation of the services. Additionally, although simple input file applications could be quickly and easily added into PUNCH, constructing a better, more intuitive form input system for an application in PUNCH could very extremely time-consuming. Finally, while graphical interface support was added, the principle mode of operation was still form-based, a user interface which modern computer users found increasingly undesireable, and form-based batch application support code in PUNCH was, like the HTTP code, becoming just unnecessary baggage.

Because of these shortcomings of PUNCH, several projects emerged in an attempt to improve upon it. In spite of all its problems, PUNCH remained in operation concurrent with all the other middlewares to follow it listed here below until 2007, and its 12-year operational lifespan is a testament to its success.

In-VIGO: In-Virtual Grid Organizations

Developed at:University of Florida, ACIS
Deployed:May, 2005
Retired:February, 2006
Usage:1300 users, 11,000 sessions

The In-VIGO project built upon lessons learned from the development of PUNCH. Namely:

  • The maintainability of the system is predicated on the use of standard components.
  • The isolation of accounts, networks, and applications was crucial to the security of the system.

As a result, the In-VIGO system was designed with the following features:

  • All hosts used in the system were (VMware) virtual machines in order to separate the In-VIGO environment from the physical hosting environment.
    • A front-facing web server provided a form-based interface for application sessions. It was built from standard software components, such as Apache, Java, Tomcat, and MySQL.
    • A firewall host provided a static mapping of ports to internal VNC servers. This allowed for greater isolation between execution hosts and the outside world.
    • One or more backend systems provided application execution environments.
    • A fileserver provided central storage space.
  • Applications ran on each execution node in one of several shadow accounts so that one application could not affect another application running on the same host.
  • A virtual file system based on NFS provided the ability to map directories on the file server to any shadow account on any execution host. This allowed all files to be stored as a single user (the owner of the web server) on the file server.

In-VIGO was used through nanoHUB by bridging operations from one web server to the other and occasionally directly modifying entries in the In-VIGO database. Because the combined system was spread out over two web servers and databases, session handling was complicated, application startup required several seconds and error handling was tenuous. In the event of a failure, it was difficult for the end user to diagnose the problem.

In-VIGO has a rich capability for specification of form-based interaction which was, unfortunately, not directly applicable to the mostly graphical applications used in nanoHUB. Nevertheless, deployment of any application still required configuration of the command-line based tool. Additional operations were necessary at invocation time to access a graphical interface for the application. This style of specification also contributed to the delays in both application deployment and middleware session startup.

Further information about In-VIGO is available at the In-VIGO page.


Developed at:Purdue University
Deployed:January, 2006
Retired:May, 2007
Usage:6000 users, 60,000 sessions, 220,000 simulations

Design goals

Narwhal was built with the following goals in mind:

  • All sessions are only graphical. Provide no support for form-based interaction.
  • Leverage the existing nanoHUB LDAP authentication mechanisms so that first-class accounts and file storage could be used for all applications.
  • Make the system as small, fast, and reliable as possible.
  • Automatically recover from failure as much as possible.


Narwhal was built in the following manner:

  • A program running on the nanoHUB web server was used to control operations.
    • All authorization was performed by the web server. No further authorization was done by narwhal.
    • Operations and accounting was done through the nanoHUB web server's existing MySQL database.
    • All interaction between hosts was done using SSH.
  • Additional service software ran on the following hosts:
    • One or more backend execution hosts provided application environments.
    • A central file server provided file storage using conventional multi-user NFS services.
    • A firewall host was used to dynamically map network ports from the outside world to VNC servers running on the backend execution hosts. Dynamically mapping ports avoids the error-prone maintenance of static mapping. The flexibility of this mapping also allowed for the simple deployment of an embedded file transfer mechanism integrated with Rappture.
  • All hosts ran on (Xen) virtual machines in order to separate the nanoHUB environment from the physical hosting environment.


Because the Narwhal system constituted a session controller for Unix systems, it could naturally provide a number of other benefits. Primarily, it allowed for the invocation of workspace sessions consisting of a typical Unix/X11 window manager in an environment that was the same as the general application environment. This allowed for ease of transition between development and deployment of applications. Because all files were owned by the respective users, it was possible to employ per-user quotas on the fileserver so that one user could not accidentally or deliberately use all of the storage space.

Components of Narwhal acted in parallel to allow for fast session creation. For instance, dynamic port mapping could be done at the same time as filesystem configuration. Furthermore, pre-caching of services was done as much as possible. VNC servers were allocated in advance of their use so that when a user requested a new application session, an appropriate execution host could be selected and the application started without having to wait for the display server to start. The user-perceived application start time was reduced to 4-8 seconds.

Narwhal incorporated a mechanism that monitored presence of a viewer on each VNC server. If a particular application's VNC server lacked an observer for longer than a configured timeout, the application was terminated. This allowed the system to automatically avoid unchecked growth in resource consumption and removed the burden from the user of having to manually terminate every application that he or she was no longer interested in. The cumulative time that each session was viewed was reported to the middleware and recorded in the statistics database where it could be used for further analysis by application developers.


Reliability of the Narwhal system was achieved by redundancy, retries, and triage of subsystems. The core philosophy of the development of the systems was that some systems will occasionally fail, and that the end user should not be made aware of this unless there was no other means of recourse. For instance, VNC servers sometimes fail at startup due to locking failure, or unknown race conditions. When a host is selected on which to start a VNC server, the status of the operation is checked. If failure is detected, the operation is retried. If failure persists, the conditions are recorded and the system avoids use of that particular subsystem. A secondary or tertiary choice for a host system is then used and the process continues. When all avenues are finally exhausted, the user and administrator are notified that some larger, general failure has occurred. Because resources such as VNC servers are pre-started in advance of their need, the additional delay in creating the server is hidden from the end user.


Narwhal offered the ability to be able to stress-test systems in advance of production use. A development environment could be prepared in which an administrator could start, for instance, 1000 random application sessions in rapid succession. Alternatively, 100 sessions could be started simultaneously (as would happen when students in a laboratory classroom started to use the system). By conducting tests of this nature, bugs in the software were found and corrected. The expected behavior and capacity of the system could also be established in advance of production needs.

About the name

The name "narwhal" was not an acronym and did not refer to anything. It was a name chosen at random in the hope that someone would come up with something more meaningful. For lack of a better name, most people referred to it, colloquially, as "In-VIGO Lite."


Developed at:Purdue University
Deployed:May, 2007

Maxwell is a middleware system designed to provide the next generation capabilities of a true science gateway. Despite the stability and reliability of the Narwhal system, its shortcomings were clear and were increasing in importance:

  • Users with browsers that lacked necessary software (Java and Javascript) were afforded no clues as to why their application session did not work. Such problems were responsible for a significant portion of our support requests.
  • Remote users who were behind a filtering firewall often could not connect to the broad range of ports used by Narwhal's dynamic VNC port router. The use of such firewalls is becoming increasingly common in both corporate and academic environments. This problem was also responsible for a significant portion of the incoming requests for support.
  • Security of VNC transport was weak due to lack of end-to-end encryption of the network connection. A motivated attacker could eavesdrop on the network connection and interpret the keyboard and mouse activity. Although this was of little concern for typical nanoHUB applications, improved security of workspace sessions was a high priority.
  • File transfer operations were also not encrypted and could be inspected by eavesdroppers and potentially exploited.
  • Preconfigured sizes for VNC sessions was a limiting factor to load balancing as well as application configuration. New sessions would always have be allocated to the execution hosts which held the pre-started VNC servers of the appropriate display geometry. Furthermore, the inability to make a running application "just a little bit larger" was a perennial deficiency.
  • Running applications were shared among a pool of machines. Although Unix access controls separated processes from each other, users with interactive workspace sessions could identify other users as well as observe the names of the programs that they were running. Furthermore, workspace users effectively had unrestricted access to the local network which made it inappropriate to grant such capabilities to users who were unknown or not believed to be trustworthy.
  • Recording of statistics about individual simulations within an application session was done by writing information to an output log that was subsequently read and interpreted by the middleware. Although this was sufficient for captive simulation applications, it could not be used to identify programs run by interactive workspace users or jobs executed in remote venues such as Condor or PBS.

Design goals

To address the deficiencies in Narwhal, a system was designed with the following new features:

  • An enhanced VNC server and client were developed that were capable of:
    • integral diagnosis of browser deficiencies.
    • ability to transit firewalls by use of a proxy.
    • full SSL encryption of the entire session.
    • ability to negotiate a connection through a nanoHUB port router which used a single, standard port (563) that is tolerated by filtering firewalls.
    • arbitrary dynamic resizing of the framebuffer.
    • an upcall mechanism to invoke limited actions on the browser that could initiate file upload or download.
  • File transfers are performed using secure HTTPS through the central nanoHUB web server. Furthermore, the invocation no longer happens through a dedicated connection through the a port router to a specialize Rappture application. File import and export can be initiated by general applications and by interactive workspace users.
  • The use of the OpenVZ virtualization system was introduced in order to provide independent, secure virtual machines for all applications.
  • A submission mechanism was introduced that would interact with the middleware to register information about users' jobs as well as route them to remote resources.


Compared to previous middleware systems, Maxwell is very web-server-centric. Instead of using a port router "firewall" host, the web server uses a daemon to dynamically relay incoming VNC connections to the execution host on which an application session is running. Instead of using the port router to set up a separate channel by which a file import or export operation is conducted, Maxwell uses VNC to trigger an action on the browser which relays a file transfer through the main nanoHUB web server. The primary advantage of consolidating these capabilities into the web server is that it limits the entry point to the nanoHUB to one address: This simplifies the security model as well as reduces on the number of independent security certificates to manage.

One disadvantage of consolidating most communication through the web server is the lack of scalability when too much data is transfered by individual users. In order to avoid a network traffic jam, the web server can be replicated and clustered into one name by means of DNS round-robin selection.

The backend execution hosts that support Maxwell can operate with conventional Unix systems, Xen virtual machines, and a new form of virtualization based on OpenVZ. For each system, a VNC server is pre-started for every session. When OpenVZ is used, that VNC server is started inside of a virtual container. Processes running in that container cannot see other processes on the physical system, see the CPU load imposed by other users, dominate the resources of the physical machine, or make outbound network connections. By selectively overriding the restrictions imposed by OpenVZ, we can synthesize a fully private environment for each application session that the user can use remotely.

About the name

The improvements over Narwhal represented a shift in philosophy from a middleware system that allocated resources to one that regulated access between systems and between zones of security. This is similar in spirit to James Clerk Maxwell's Dæmon—a thought experiment where a hypothetical shutter regulated the movement of molecules between two chambers. Furthermore, the use of the term daemon was already prevalent in the vernacular of software system architecture. It was for these reasons that the name "Maxwell" was selected.