Service Portfolios of Leading National Research and Education Networks and Implementation on the Basis of the National Research Computer Network of Russia

The paper systematizes and generalizes well-established practices of operation and development of service platforms for the research and education sphere from leading National Research and Education Networks and network consortia. The current state and planned directions of enhancement of the service platform of the new generation National Research Computer Network of Russia are presented, including the scaling and improving of already operated information technology services and specialized services for the target audience, and the implementation of new, potentially demanded services, taking into account the accumulated world experience and domestic features.


INTRODUCTION
The phenomenon of longevity atypical, as a whole, for the dynamically evolving industry of information and communication technologies (ICT), successful operation and progressive development of National Research and Education Networks (NREN) is explained by the invariable demand for the technologies and services they provide, focused on a unique target audience of education and science, the ability to adapt to changing conditions, flexibly and promptly respond to the growing and increasingly diversified needs of users [1][2][3].
Architecturally and functionally, NREN can be considered in combination and mutual complement of its infrastructure and service components [4,5]. The telecommunication infrastructure is obviously a backbone component, its characteristics largely determine the level of network development, the quality and reliability of the services provided, motivate users to connect to the network, provide opportunities for the formation of a unified, secure information environment for the interaction of participants in scientific, technical and educational processes, contribute to an increase in the efficiency and effectiveness of research and education (R&E) activities.
The service component of developed NRENs and network consortia is largely based on infrastructure, while characterizing the pronounced sectoral focus of the network, transparently differentiating and emphasizing its distinctive features, taking into account the needs of target users, includes "niche," specialized services not provided by commercial operators of public networks [3]. In general, approbation, testing, implementation and maintenance of a wide range of advanced ICT and specialized network services for the R&E community is considered to be one of the key tasks and challenges for NRENs, aimed, among other things, at stimulating digital transformation processes.
The world leaders in the development of service platforms include NRENs of the USA (Inter-net2), Australia (AARNet), Great Britain (Jisc), Italy (GARR), the Netherlands (SURFnet), France (RENATER), Switzerland (SWITCH), networks that are members of the R&E consortium of Nordic countries NORDUnet [6] and some other. An invaluable contribution to the development and promotion of supranational sectoral service solutions is made with the pan-European network R&E consortium GÉANT [7][8][9].
In Russia, since 2019 it has been functioning as NREN and being systematically developed the new generation National Research Computer Network (NIKS, https://niks.su) created on the assignment of the Ministry of Science and Higher Education of the Russian Federation by Joint Supercomputer Center of the Russian Academy of Sciences (JSCC RAS) as a result of the integration of Federal university computer network RUNNet [4,10] and network of the Russian Academy of Sciences RASNet both operated for 25 years.
At the beginning of 2021, the management procedure, the concept and the roadmap for the functioning and development of NIKS for 2021-2024 [11] within the framework of the National Project "Science and Universities" were approved by the line Ministry. Development of the NIKS service platform, expansion of the service portfolio, and an increase in the number of users of services are among the key tasks in the implementation of the roadmap activities [5].
In this work, an attempt is made to systematize and generalize the operation and development experience of service platforms for the R&E community by leading foreign NRENs and sectoral network consortia, an overview of the current state and planned directions of enhancement of the NIKS service platform, the implantation of new services at the level of NRENs, taking into account world experience and domestic features is given and the expected effects of modernization are indicated.

SERVICE PORTFOLIOS OF THE LEADING NATIONAL RESEARCH AND EDUCATION NETWORKS FOR THE R&E COMMUNITY
Systematization and generalization of world experience, obtaining opportunities for full participation in international service projects, reproduction and replication of best practices, transfer of technologies and services, their adaptation to domestic conditions, taking into account the strategic directions of the scientific and technological development, require a targeted comprehensive audit and analysis of the current state and development plans of services by the world's leading NRENs.
Based on the results of the research, which assumed a thorough immersion in the discussed issues, the following set of key characteristics of service portfolios of NRENs has been formed: • systematic development of service platforms, taking into account the global trends in the development of ICT, the increasing needs of target users, an increase in the volume of generated, stored and processed scientific data; • expansion of interaction between NRENs, modernization, integration of resources, joint implementation of supranational infrastructure and service projects in the interests of the R&E community; • flexible and prompt response to changing environmental conditions, audit of areas of activity, expert and advisory approach to the development of services; • development of unique service solutions with a high degree of demand for the target R&E audience, taking into account national specifics; • consolidation of distributed cloud resources using high-performance sectoral telecommunications infrastructure to provide collaboration and federated access to cloud services; • functioning in a competitive environment of commercial telecommunications operators and service providers, cooperation for the joint provision of individual services to users (overall cost savings due to the scale procurement, unified technological solutions); • targeted interaction with the user community, increasing the level of involvement in service projects, holding conferences, webinars, trainings, expertise and project management.
It should be noted that the adopted approaches to the classification of services within the service portfolios of the leading NRENs and network consortia differ markedly. At the same time, one can point to the following set of the most common classes of services: • Network and Connectivity; • Network Management, Performance and Analytics; • Trust, Identity and Security; • Cloud Services and Applications; • Real-time Communications and Multimedia.
A more detailed classification is offered by the GÉANT consortium within the service portfolio matrix (https://compendiumdatabase.geant.org/reports/nrens_services) provided by European NRENs at the national level, with the introduction of the following service groups (examples of services are given in parentheses): • Network (IP connectivity, IPv6, virtual circuit/VPN, network monitoring, NetFlow tool, optical wavelength, open Lightpath Exchange, software-defined networking, QoS); • Security (CERT/CSIRT, network troubleshooting, DDoS mitigation, vulnerability scanning, anti-spam solution, identifier registry, security auditing, intrusion detection, firewall-on-demand, web filtering, PGP key server); • Identity (eduroam, interfederation, hosted campus Authentication and Authorization Infrastructures, AAI); • Collaboration (mailing lists, email server hosting, VoIP, project collaboration tool, CMS, survey/polling tool, database services, instant messaging, scheduling tool, events management system, LMS, e-portfolio services); • Multimedia (web/desktop conference, event recording/streaming, provision of multimedia content portal, TV/radio streaming, media post-production); • Storage and Hosting (DNS hosting, virtual machines/IaaS, Filesender, cloud storage, open source software mirroring, housing/co-location, web hosting, SaaS, disaster recovery, content delivery hosting, hot standby); • Professional (consultancy/training, user portals, dissemination, user conferences, procurement/brokerage, web development, software development, finance/admin systems, software licenses); • Internet Service Providers (IP address allocation/LIR, NTP service, nameserver services, domain name registration, national IX operation).
It is not the purpose of the work to provide any explanations about the functions and principles of operation of most of the mentioned services, those interested can easily find the necessary information on the specified site and in other open sources. The focus of further attention will be only on some of them related to the categories of specialized services of the NRENs level for the R&E community and supranational services developed and supported by GÉANT (which have either already been realized or are planned for implementation on the basis of NIKS) [7,9]. It is useful to note that the operators of the "edu***" family services mentioned below at the national level in most cases are local NRENs. eduGAIN (EDUcation Global Authentication INfrastructure, https://edugain.org) [12] is a pan-European identification infrastructure that provides ubiquitous controlled access to online resources and services, enabling Web Single Sign-On (Web SSO) for members of the R&E community using a single identity [13,14].
The general methodology and key concepts of the project is as follows (see Fig. 1) [12,15]. "Home" organizations (a university, research institute, etc.) register users by assigning a local digital identity (using, for example, LDAP or AD), operate a local identity provider (IdP) to authenticate users and provide a limited set of attributes (unique person ID, the FQDN of an organization, person affiliation, etc.). Service providers (SPs) as resource owners delegate the authentication to IdPs in order to control access to the provided resources. An identity federation is a group of IdPs and SPs that sign up to an agreed set of policies for exchanging information about users and resources to enable access to and use of the resources (identity federations commonly have a national coverage). eduGAIN interconnects identity federations around the world, implements the trustworthy exchange of information related to authentication and authorization between the member federations; it is responsible for finding the federation to which a moving user belongs, transfer the messages between the federation internal protocols and the interfederation. The eduGAIN technology involves a metadata service (MDS), which regularly retrieves and aggregates information from participating federations about SPs and IdPs, and makes this information available to federations. The project coordinates elements of the technical infrastructure of federations and provides a set of tools and a policy framework controlling the exchange of the information (https://technical.edugain.org).
The technological implementation of federated authentication services is based on an open standard SAML (Security Assertion Markup Language) [16] for exchanging authentication and authorization data between IdP and SP, and open source implementations of identity management and federated identity-based AAI (Shibboleth, SimpleSAMLphp). eduGAIN interconnects 72 national federations, participants from over 4,200 IdPs and more than 3,200 SPs (https://technical.edugain.org/entities) and makes available ubiquitous access with uniform credentials to the Scopus and WoS scientific abstract and citation databases, the leading full-text databases Elsevier, Springer, EBSCO, Cambridge University Press, John Wiley & Sons, IEEE, and other highly demanded resources and services.
Based on eduGAIN, several related services for the R&E community have been developed using technologies of secure identity federation, including Federation as a Service (FaaS), eduTEAMS and InAcademia [7].
The FaaS service is designed to help national Web SSO Identity federation operators by providing a special hosted metadata registry toolbox, including Identity federation management and automatically exchange metadata with the eduGAIN root metadata service (see for details https://wiki.geant.org/ display/eduGAIN/Federation+as+a+Service+-+FaaS). eduTEAMS (https://eduteams.org) is a service built on top of eduGAIN, which enables members of the R&E community to create and manage virtual teams and securely access and share common resources and services (SPs) using federated identities from the interfederaion and external trusted IdPs.
InAcademia (https://inacademia.org) uses eduGAIN as the basis of its identity authentication process and allows online merchants to securely validate in real-time if a customer is a student or affiliated with an educational organization.
A number of alternative global initiatives of federated access include the Authentication and Authorization for Research and Collaboration (AARC, https://aarc-project.eu), the Research and Education FEDerations group (REFEDS, https://refeds.org). Within the framework of these and a number of other initiatives, attempts have been made in recent years to harmonize and to integrate the currently used and highly demanded AAI systems (e.g. X.509, SAML, OAuth, OpenID) [17]. eduroam (EDUcation ROAMing, https://eduroam.org) is an international roaming service in Wi-Fi networks for the R&E community with uniform credentials and user authentication on the side of his home organization [18,19]. Currently, more than 10 thousand of hotspots has already been deployed around the world in 106 countries (territories) more than 12 million national and international authentications were registered daily (before the COVID-19 pandemic). The service provides free Internet access on the campuses of the organizations participating in the project, contributing to the expansion of the R&E mobility.
The operation of the service is based on the standard of network security in public places 802.1X and the associated hierarchy of RADIUS (Remote Authentication Dial-In User Service) servers accessing the authentication server with user credentials (login and password). Organizations participating in the project deployed its own local RADIUS infrastructure and agreed to the terms of use of the service. The hierarchy of distributed RADIUS servers safely transfers user credentials to the server of the home organization, which checks their correctness and passes back information about the possibility of user authentication in the service (see Fig. 2). GÉANT provides a number of supporting services for national roaming operators of the service and for end users (https://monitor.eduroam.org).
The related service called WiFiMon (https://www.geant.org/wifimon) is an advanced Wi-Fi network monitoring and performance verification system capable of detecting performance issues, to visualize the workload of the network, and to provide some useful technical information.
eduMEET (https://edumeet.org) is a webRTC based open source video conferencing system for the R&E community. This web application allows dynamically creating video conference rooms for individual and multi-party calls, using additional tools of screen sharing, group chat, claim room, etc. The main purpose of the platform is to provide easy to use, secure, and affordable video conferencing service for the target users as an alternative to well-known commercial solutions (Zoom, Lifesize, UberConference, etc.). eduMEET supports federated authentication in the service via eduGAIN and has possibilities of integration with popular open source Learning Management System (LMS, for example, Moodle).
Other free video conferencing/webinar solutions with relatively developed functionality are BigBlue-Button, Jitsi Meet, Apache OpenMeetings, Nextcloud Talk. eduVPN (EDUcation Virtual Private Network, https://eduvpn.org) [20] is a service for the R&E community providing access to private networks where end-users can access internal resources within the internal network of their "home" organization (Institute Access) and also realizes secure and privacy preserving access from public networks by providing secure gateways to trusted networks (Secure Internet Access). The service is implemented on the basis of industry-standard VPN technology (uses free and open source implementation OpenVPN), supports various authentication methods (LDAP, RADIUS, SAML), and is available as a server component and client applications for different operating systems.
The eduOER (EDUcation Open Educational Resource, https://oer.geant.org) service is a pathfinder technology platform to provide an OER metadata aggregation hub and portal service aimed at facilitating access to European digital multimedia content in the form of repositories, infrastructures and services. Today eduOER is a core foundation and a part of the global initiative Up2University (https://up2university.eu) with the key objective to bridge the gap between secondary schools and higher education by better integrating different learning scenarios and adapting both the technology and the methodology in order to reduce problems for schoolchildren in future studies at universities.
A separate and representative group of in-demand service solutions of the GÉANT consortium for the R&E community includes cloud computing services of various delivery models, information about which is summarized on the website https://clouds.geant.org. Among the services presented in the catalog, one can, in particular, point to the already mentioned eduMEET multimedia service, as well as some cloud storage and file synchronization services such as Nextcloud, ownCloud and FileSender.
Related services called Nextcloud (https://nextcloud.org) and ownCloud (https://owncloud.com) are multifunctional cloud-based web applications for accessing, storing and collaborating with data. Both the platforms are free and open source client/server applications and have been originally developed as free alternatives to well-known commercial cloud storage services (such as Dropbox, Google Drive, Yandex.Disk, OneDrive, iCloud). The platforms allow deploying own cloud solutions (as a private cloud), which are monitored and managed at the level of the end organization or service aggregator (for example, NREN).
In accordance with the architecture of the solutions, files are stored on a dedicated server and can be accessed directly in a web browser, using mobile clients or via the WebDAV network protocol with the synchronization on the client side; connection of external data storages is supported (S3, SWIFT, Google Drive, Dropbox, etc.). Users can flexibly manage access rights to files, and use calendars (CalDAV), contacts (CardDAV), schedule tasks from within the platform, use plugins to open files in traditional formats (TXT, PDF, EPUB) directly in a web browser, view multimedia content, organize and carry out video-and audio-conferences, surveys, use collaborative white boards and many other operations.
GÉANT and selected world's NRENs systematically include Nextcloud and/or ownCloud solutions in their service portfolios and provide them in various terms to their target user groups.
FileSender (https://filesender.org) is a web application based on a free and open source package that allows authenticated users to send or share large-size files securely and transparently with other users. The user of the service can assign a certain number of downloads and/or time range for the uploaded file, after which this file will be automatically deleted. The maximum storage time for files on the server is set by the administrator, so the solution is not intended to be used as a platform for permanent storage of data. The user can send a web link ("voucher") to download the file to other users, including those who do not have an account in the system.
Among the infrastructure-level services jointly operated by NRENs, the PerfSONAR (Performance focused Service Oriented Network monitoring ARchitecture, https://perfsonar.net) project deserves special mention [21]. The service is an open source collection of network measurement tools used for monitoring and debugging end-to-end network paths with federated coverage. There are 1000s of product instances deployed worldwide, and many of which are available for open testing of key measures of network performance. Such the global infrastructure helps engineering groups from backbone providers, NRENs, regional and campus networks to identify and isolate network problems and increasing productivity when utilizing network resources. perfSONAR supports different deployment models (single network, dual network, performance beacon, performance island, mesh) and provides an interactive interface that allows for the scheduling of measurements, storage of data in uniform formats, and scalable methods to retrieve data and generate descriptive visualizations. The solution makes it easy to add new metrics of interest or to modify existing, and gives ample opportunities for data presentation.
It should be noted at the end of the review that the leading NRENs are aimed at the systematic expansion of their user bases at the expense of new professional communities that are somehow involved in activities in the fields of R&E, promising developments, including in the context of digital transformation and the expansion of the use of ICT in spheres of medicine and health care, culture and art, social and economic sciences, etc. [5]. In parallel with this, obviously, the service portfolio should also be diversified to take into account the specific needs of such categories of users.

CURRENT STATE AND DEVELOPMENT PLANS OF THE SERVICE PLATFORM OF NIKS
Specialists of NIKS, both in the course of current operation and in development plans and directions for improving the service platform, largely rely on the accumulated world experience, key tendencies and trends in the ICT sphere, the best practices and achievements of foreign NRENs. Along with this, the internal Russian features of the telecommunications infrastructure, geographical distribution and strong heterogeneity of the target user base, current and forecasted needs for the coming periods are taken into account.
The technological platform for providing NIKS services is based on its own private cloud infrastructure (IaaS) and a set of separate physical servers located in the fault-tolerant data center of JSCC RAS. At the beginning of 2021, planned work was carried out to update the software components of the infrastructure with the transition from the previously used open virtualization platform OpenStack (https://openstack.org) [22] to the free software solution Proxmox VE (https://proxmox.com) and the abandonment of Ceph and GlusterFS distributed file systems. This transition was due to the redundancy of OpenStack functionality and the mentioned file systems to ensure the operation of the cloud infrastructure (even taking into account the planned scaling) and significant progress in recent years of the Proxmox VE virtualization system in terms of performance, support for common virtualization technologies and file storage, convenience and functionality of administrative web-interfaces.
The cloud infrastructure includes 12 physical servers of the same type (24 computing cores/32 GB RAM/12 TB HDD/network 2x1 and 1x10 Gbps) running the Debian GNU/Linux 10 operating system and virtualized using Proxmox VE 6.3 software. OpenZFS (https://openzfs.org) performs the functions of data storage on cloud servers that is an up-to-date file system supports work with large amounts of data, combining the concepts of the file system and the logical volume manager, allowing to ensure the life cycle of snapshots of virtual machines. The tests carried out have shown a tangible increase in the performance of the updated cloud platform compared to the previous version in terms of the general level of "responsiveness" of services deployed on virtual machines, the speed of operations in web-interfaces (primarily due to an increase in the speed of working with local disk subsystems).
Turning to the service portfolio, one can state that today NIKS uses to ensure the operation of the network and provides users with services that can be classified and subdivided into the following service groups: infrastructure services, basic network services and telematics services, infrastructure monitoring and management services, information technology services and specialized services for R&E [5].
A separate paper will be devoted to the discussion of the current state and development plans of infrastructure services and infrastructure monitoring and management services of NIKS. Let us also leave behind the scenes basic network services and telematics services, largely routine and, for the most part, not having a pronounced sectoral specificity. The following discussion will be limited to examples of some information technology services and specialized services for the R&E community, including those provided to users through participation in the previously presented global initiatives of the GÉANT consortium and the world's leading NRENs.
The bank of services of the mentioned groups, partially or fully provided by NIKS at the present time, includes [5]: • services based on the identity federation of NIKS (identification of users with the provision of federated access to local and foreign R&E resources, including within the framework of the eduGAIN project) [23]; • international roaming service in Wi-Fi networks within the framework of the project eduroam [24]; • videoconferencing system (based on the BigBlueButton software); • cloud services for working with scientific data (archive and temporary storage, virtualization, data exchange, joint work-on the base of FileSender, Nextcloud); • services for monitoring, analyzing and visualizing statistics on the level of use of the telecommunications infrastructure of NIKS by users for the exchange of scientific data (NetFlow statistics, BGP connectivity, sustainable research collaborations, etc.) [25]; • services of statistics and analytics of the use of components of the infrastructure and service platform of NIKS (based on the ElasticStack, Grafana software packages).
The services planned for the development and/or implementation on the basis of NIKS related to the designated groups (including the involvement in some cases of specialists from R&E organizations of Russia) are: • services of the scientific infrastructure for collective use management system (monitoring of availability, tools for providing operational analytics and reporting) [26,27]; • IaaS cloud services (provision of remotely controlled computing power on demand for a wide range of user tasks, virtual machines); • PaaS cloud services (deployment of computing systems and shared data warehouses on demand, provision of virtual graphical desktops, task management systems, tools for distributed development of software projects); • SaaS cloud services to ensure joint research in remote access (providing access to application software on demand, launching problem-oriented packages on computing clusters with control of access and resource use); • specialized cloud services for working with scientific data, taking into account the experience of the pan-European projects-European Open Science Cloud (EOSC, https://eosc-portal.eu), (EGI, https://egi.eu), (EUDAT, https://eudat.eu); • separate service solutions of the NRENs level (eduVPN, eduMEET, PerfSONAR, etc.); • services for visualization and numerical computations (Science Notebook as a Service, SNaaS)-interactive programming environments, for creation and exchange of documents with the provision of opportunities for teamwork (based on software packages Jupyter, Spyder IDE, Swan, etc.); • container services with centralized storage and distribution of demanded software, including specialized, developed by the R&E community; • services of centralized technological support of learning management systems (LMS); • centrally provided services for calendars of scientific events with ready-made templates for web pages and sets of web services, scheduling web tools; • centrally provided survey/polling web tools.
JSCC RAS performs the functions of the national operator of the eduroam service (https://eduroam.ru) [24] and the operator of the Russian national R&E identity federation RUNNetAAI (https://runnetaai.ru) [23]. The users of eduroam in the country today are 24 research and higher education organizations, in which more than 100 Wi-Fi hotspots are deployed. Within the framework of the identity federation, the participants of the project have access to scientific abstract and citation databases (including Scopus and WoS), to the well-known platform "Antiplagiat" and a number of other popular resources.
On the basis of NIKS, the collection, backup storage and processing of statistics of RADIUS proxyservers of organizations participating in the eduroam project has been implemented with sending data to the global Operations Team of the project (https://monitor.eduroam.org) for subsequent visualization, and also a web service has been developed and implemented for entering data on the geolocation of eduroam hotspots in Russia with extended session statistics (https://monitor.eduroam.ru).
The technological functioning of the RUNNetAAI project is based on the SimpleSAMLphp software, which implements the full cycle of collection (aggregation) of metadata from the local SP and IdP nodes included in the identity federation, their publication in the public domain and exchange with eduGAIN in accordance with accepted methods. NIKS specialists have developed and/or localized guidelines and deployment instructions to operate services in the federation; helpdesk for users to assist with deploying services and debugging issues is functioning. Authentication of corporate users of JSCC RAS in the eduroam and RUNNetAAI services is carried out through the single LDAP server.
The fully deployed and localized FileSender service (https://filesender.runnet.ru) is currently available only for members of the RUNNetAAI federation.
The webinar service of NIKS (https://vc.runnet.ru) uses an open source HTML5-based web conferencing system BigBlueButton (https://bigbluebutton.org) provides high-quality audio, video, screen sharing, whiteboard tools, breakout rooms, public and private chats, polling tools, shared notes using the web-browser's built-in support for WebRTC libraries.
As part of the development of the NIKS service platform, it is planned to create a replicable cloud solution for NIKS users, combining the capabilities of an open source LMS (Moodle) and web conferencing systems BigBlueButton/eduMEET.
The Nextcloud platform (https://cloud.runnet.ru) deployed in NIKS (currently only corporate) provides users with basic services for working with files, calendars, contacts, notes, tasks, personal planning and team project organization tools, opportunities for joint online work with documents in editing mode are provided (based on the tools of the developed office suite OnlyOffice integrated with the platform).
The planned increase in performance of the cloud infrastructure will provide the ability to scale the existing NIKS services to ensuring the required performance in the face of increasing number of users, as well as allocation of virtual machines to organizations with the deployment of replicated solutions for use in the educational process and research.
The work plans for the future also include building a corporate security service space for barrier-free access with uniform credentials (SSO) to individually used services (for example, e-mail), collaboration services (Nextcloud, MediaWiki, BigBlueButton, Redmine, etc.), network monitoring and management services with separation of access rights.
A set of measures for the implementation of new and modernization of the solutions used, aimed at ensuring information security in NIKS, is in the active phase of development. The work includes protecting the telecommunications and server infrastructure, components of the service platform, creating a Security Operation Center (SOC) and implementation of information security services in the interests of end-users. A separate contribution is worthy of discussion of this issue, and restrict ourselves to stating the fact of the inclusion of the work on ensuring information security in the concept of NIKS development.
In general, there are two organizational and conceptual approaches to improving the NIKS service platform, including taking into account the current level of development and the accumulated world experience: • "own services"-development and implementation of services at the NIKS level with the involvement of interested users and in cooperation with specialists from foreign NRENs (with the priority to solutions based on free and open source software); • "integrated services"-cooperation with commercial service providers (individual cloud solutions, video conferencing, information security, CRM, protection against DDoS attacks, software licenses), with an assessment of the potential demand for specific services and economic feasibility (if there are analogues in functionality and performance, preference should be given to domestic software).
In 2021, a pilot project is being implemented with higher education institutions and research organizations (users of NIKS) for free approbation and testing of commercial solutions of videoconferencing developed by several Russian IT-companies with the allocation of hardware capacities (virtual machines) by JSCC RAS, the deployment by technical specialists of vendors of their software products and provision of 500 free of charge licenses to the project participants by the end of the year.
The core activity of JSCC RAS in the field of supercomputer technologies opens up opportunities for the implementation on the basis of modernized infrastructure of NIKS and a distributed network of high-performance supercomputer centers of a unified digital environment for access, monitoring and management of supercomputing resources, including a system of unified access to resources in a distributed environment based on the RUNNetAAI identity federation, a unified system for managing computing resources and user jobs, a unified system for monitoring resources, collecting, processing and analyzing statistical information about the status and degree of use, a jointed data storage system in the form of a single global file space [26,27].

CONCLUSION
Summarizing the issues of the complex modernization of the NIKS service platform discussed in the work, one can try to list the following expected effects of the implementation of the related activities: • integrated on the basis of NIKS a potential of the leading R&E organizations of Russia, objects of geographically distributed infrastructure of scientific research and development, scientific infrastructure for collective use; • resources provided for the implementation of joint research projects within the framework of intra-Russian and international cooperation of sustained and newly formed scientific and scientifictechnological cooperation; technology transfer; • formed a unified digital environment for access, monitoring and management of supercomputing resources of a distributed network of supercomputer centers, contributing to increase the level of accessibility and workload; • developed on the basis of NIKS uniform policies, regulations, organizational and technical solutions aimed at ensuring information security and sustainable operation of the sectoral infrastructure; • ensured security of scientific and scientific and technical information posted in R&E organizations, research and R&E centers of the world level, sectoral federal information systems (protected segments, encrypted channels, protection against DDoS attacks); • organized secure user access to public Internet networks and to local networks of organizations (eduVPN, digital certificates); • ensured the possibility of ubiquitous barrier-free access to R&E resources with uniform credentials based on federated authentication technologies (RUNNetAAI, eduGAIN); • contributed to the development of research and educational mobility programs, provided the service of free Wi-Fi roaming (eduroam); • contributed to improving the efficiency and effectiveness of R&E activities, the availability of highquality educational programs (access to LMS, videoconferencing services, webinars, etc.); • generated statistics and analytics of the use of the infrastructure and services of NIKS, an ongoing assessment of the demand and level of involvement of individual organizations, developed criteria and indicators; • increasing the level of the federal executive authorities' understanding of the role and functions of NIKS as an NREN, taking into account the internal Russian specifics, fundamental differences from commercial telecommunications operators and service providers.
FUNDING The paper has been prepared within the framework of the state assignment of Federal State Institution "Scientific Research Institute for System Analysis of the Russian Academy of Sciences" no. 0580-2021-0014.