Presentation is loading. Please wait.

Presentation is loading. Please wait.

Www.geni.net Clearing house for all GENI news and documents GENI Architecture Concepts Global Environment for Network Innovations The GENI Project Office.

Published byPenelope Logan Modified over 8 years ago

Similar presentations

Presentation on theme: "Www.geni.net Clearing house for all GENI news and documents GENI Architecture Concepts Global Environment for Network Innovations The GENI Project Office."— Presentation transcript:

1 www.geni.net Clearing house for all GENI news and documents GENI Architecture Concepts Global Environment for Network Innovations The GENI Project Office (GPO) March 3, 2008 – GEC #2 Arch Conceptswww.geni.net1

2 Principals March 3, 2008 – GEC #2 Arch Concepts2 Researcher: A user that wishes to run an experiment or service in a slice, or a developer that provides a service used by other researchers. A slice authority (SA) is responsible for the behavior of a set of slices, vouching for the users running experiments in each slice and taking appropriate action should the slice misbehave. A management authority (MA) is responsible for some subset of substrate components: providing operational stability for those components, ensuring the components behave according to acceptable use policies, and executing the resource allocation wishes of the component owner. www.geni.net

3 Components & Resources March 3, 2008 – GEC #2 Arch Concepts3 Component: An object representing a physical device in the GENI substrate. A component consists of collection of resources. Such physical resources belong to precisely one component. Each component runs a component manager that implements a well- defined interface for the component. In addition to describing physical devices, components may be defined that represent logical devices as well. Transmission Channel Routeρ r Cableρ c Fiberρ f Spectrumρ s Endpoint IDρ e S/N measurementsμ e Component Computer CPU Memory Disk BW Resource Optical Switch Fiber IDρ Switch Port Channel Band Some resources describe non- configurable characteristics of the component. Other resources are pools which may be allocated under some constraints. Some measurements are available as resources Spectrum Analyzer Location Sample period Sample BW Measurement equipment may also appear as components www.geni.net

4 Component Managers March 3, 2008 – GEC #2 Arch Concepts4 Computer CPU Memory Disk BW Each component is controlled via a component manager (CM), which exports a well-defined, remotely accessible interface. The component manager defines the operations available to user- level services to manage the allocation of component resources to different users and their experiments. A management authority (representing the wishes of the owner) establishes policies about how the component's resources are assigned to users. www.geni.net

5 Slivers & Slices March 3, 2008 – GEC #2 Arch Concepts5 sliver slice Transmission Channel Routeρ r Cableρ c Fiberρ f Spectrumρ s Endpoint IDρ e Transmission Channel Routeρ r Cableρ c Fiberρ f Spectrumρ s Endpoint IDρ e Computer CPU Memory Disk BW Optical Switch Fiber IDρ 1, ρ 2, ρ 3, ρ 4 Switch Port Channel Band From a researcher's perspective, a slice is a substrate-wide network of computing and communication resources capable of running an experiment or a wide-area network service. From an operator's perspective, slices are the primary abstraction for accounting and accountability—resources are acquired and consumed by slices, and external program behavior is traceable to a slice, respectively. A slice is defined by a set of slivers spanning a set of network components, plus an associated set of users that are allowed to access those slivers for the purpose of running an experiment on the substrate. That is, a slice has a name, which is bound to a set of users associated with the slice and a (possibly empty) set of slivers. sliver slice www.geni.net

6 Identifiers March 3, 2008 – GEC #2 Arch Concepts6 All researchers, slices, and components have a Global Identifier (GID). A GID binds a Universally Unique Identifier (UUID) to a public key. The object identified by the GID holds the private key, thereby forming the basis for authentication. GID private key Held by component/slice possessing the GID 128bit UUID public key Easy-to-use handle For verifying integrity & authenticity of GID, UUID. authority’s signature Says who is responsible by pointing up the chain of authority. (optional). www.geni.net

7 Registries & Names March 3, 2008 – GEC #2 Arch Concepts7 Top-level authority name: geni Top-level authority GID: Sub-authority nameSub-authority GIDSub-authority contact info (e.g., URI, etc) other geni.slhttp://geni.net/ops/sl geni.cmhttp://geni.net/ops/cmp A name registry binds strings to GIDs, as well as to other domain-specific information about the corresponding object (e.g., the URI at which the object’s manager can be reached, an IP or hardware address for the machine on which the object is implemented, the name and postal address of the organization that hosts the object, and so on). GID Names are human- readable and hierarchical GID The component registry maintains information about a hierarchy of management authorities, along with the set of components for which the MAs are responsible. This registry binds a human-readable name for components and MAs to a GID, along with a record of information that includes the URI at which the component’s manager can be accessed; other attributes and identifiers that might commonly be associated with a component (e.g., hardware addresses, IP addresses, DNS names); and in the case of an MA, contact information for the organization and operators responsible for the set of components. The slice registry maintains information about a hierarchy of slice authorities, along with the set of slices for which the SAs have taken responsibility. This registry binds a human-readable name for slices and SAs to a GID, along with a record of information that includes email addresses, contact information, and public keys for the set of users associated with the slice; and in the case of an SA, contact information for the organization and people responsible for the set of slices. There are benefits to having names non-global. Need to think about how communities can use names without necessarily making them global. www.geni.net

8 Strawman Component Registration March 3, 2008 – GEC #2 Arch Concepts8 NSF GENI clearinghouse Component Registry GID 1. CM self-generates GID: public and private keys 2. CM sends GID to MA; out of band methods are used to validate MA is willing to vouch for component. 3. MA (because it has sufficient credentials) registers name, GID, URIs and some descriptive info. Notes: Identity and authorization are decoupled in this architecture. GIDs are used for identification only. Credentials are used for authorization. I.e., the GID says only who the component is and nothing about what it can do or who can access it. Authorization is not shown here. Assuming aggregate MA already has access to component registry Need to consider models where component registration is not needed. (pro: better scaling, con: some centralization may improve user support) Aggregate Mgmt Authority Component www.geni.net

9 Strawman User Registration March 3, 2008 – GEC #2 Arch Concepts9 GID NSF GENI clearinghouse Slice Registry 1. User self-generates GID: public and private keys. Slice Authority GID Notes: Assuming SA is registered at GENI Slice & User registry Assuming SA is outside of the clearinghouse, associated with a research institution. Need a use case that develops user registration – the role of the Slice Authority, in particular – and shows multiple models of user registration (e.g., anonymous). We don’t yet understand issues around the mapping of users to organizations, for example how cross-institutional collaboration works or whether a user can only be bound to a single SA. 3. SA provides user credentials (“this is a Duke researcher”) 2. User presents his GID and other identifying information to a SA that is willing to vouch for him 4. The user’s GID and contact info are bound in the User Registry at the clearinghouse. 0. SA registers at the GENI clearinghouse www.geni.net

10 Strawman Slice Creation March 3, 2008 – GEC #2 Arch Concepts10 NSF GENI clearinghouse Slice Registry 1. User sends his credentials to the SA requesting a slice. Slice Authority GID Notes: A slice can exist with no components in it. So, the minimal slice consists of a slice ID bound to a user. 2. SA validates users identity and credentials, grants a slice ID to the user. 3. SA registers the slice ID and the binding between the user id and slice ID at Clearinghouse. GID www.geni.net

Download ppt "Www.geni.net Clearing house for all GENI news and documents GENI Architecture Concepts Global Environment for Network Innovations The GENI Project Office."

Similar presentations

Open Grid Forum 19 January 31, 2007 Chapel Hill, NC Stephen Langella Ohio State University Grid Authentication and Authorization with.

Open Grid Forum 19 January 31, 2007 Chapel Hill, NC Stephen Langella Ohio State University Grid Authentication and Authorization with.
Information Document 18-E ITU-T Study Group 2 May 2002 QUESTION:Q.1/2 SOURCE:TSB TITLE:UNIVERSAL COMMUNICATIONS IDENTIFIER (UCI) (by Mike Pluke, ETSI)

Information Document 18-E ITU-T Study Group 2 May 2002 QUESTION:Q.1/2 SOURCE:TSB TITLE:UNIVERSAL COMMUNICATIONS IDENTIFIER (UCI) (by Mike Pluke, ETSI)
FIBRE-BR Meeting GENI I&M Marcelo Pinheiro. Agenda GENI Overview GENI User groups GENI I&M Use Cases GENI I&M Services.

FIBRE-BR Meeting GENI I&M Marcelo Pinheiro. Agenda GENI Overview GENI User groups GENI I&M Use Cases GENI I&M Services.
PlanetLab Architecture Larry Peterson Princeton University.

PlanetLab Architecture Larry Peterson Princeton University.
Sponsored by the National Science Foundation 1 Activities this trimester 0.5 revision of Operational Security Plan Independently (from GPO) developing.

Sponsored by the National Science Foundation 1 Activities this trimester 0.5 revision of Operational Security Plan Independently (from GPO) developing.
SPECIFYING SECURITY POLICY: ORCA Ken Birman CS6410.

SPECIFYING SECURITY POLICY: ORCA Ken Birman CS6410.
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
Sponsored by the National Science Foundation Campus Policies for the GENI Clearinghouse and Portal Sarah Edwards, GPO March 20, 2013.

Sponsored by the National Science Foundation Campus Policies for the GENI Clearinghouse and Portal Sarah Edwards, GPO March 20, 2013.
PlanetLab Operating System support* *a work in progress.

PlanetLab Operating System support* *a work in progress.
GENI Architecture Global Environment for Network Innovations The GENI Project Office (GPO) March 2, 2008 – GEC #2 Architecturewww.geni.net1 Clearing house.

GENI Architecture Global Environment for Network Innovations The GENI Project Office (GPO) March 2, 2008 – GEC #2 Architecturewww.geni.net1 Clearing house.
11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand.

11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand.
Sponsored by the National Science Foundation GENI Clearinghouse Panel GEC 12 Nov. 2, 2011 INSERT PROJECT REVIEW DATE.

Sponsored by the National Science Foundation GENI Clearinghouse Panel GEC 12 Nov. 2, 2011 INSERT PROJECT REVIEW DATE.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.
CMSC 414 Computer (and Network) Security Lecture 15 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 15 Jonathan Katz.
Memory Management and Paging CSCI 3753 Operating Systems Spring 2005 Prof. Rick Han.

Memory Management and Paging CSCI 3753 Operating Systems Spring 2005 Prof. Rick Han.
Edward Tsai – CS 239 – Spring 2003 Strong Security for Active Networks CS 239 – Network Security Edward Tsai Tuesday, May 13, 2003.

Edward Tsai – CS 239 – Spring 2003 Strong Security for Active Networks CS 239 – Network Security Edward Tsai Tuesday, May 13, 2003.
Chapter 29 Structure of Computer Names Domain Names Within an Organization The DNS Client-Server Model The DNS Server Hierarchy Resolving a Name Optimization.

Chapter 29 Structure of Computer Names Domain Names Within an Organization The DNS Client-Server Model The DNS Server Hierarchy Resolving a Name Optimization.
Lecture 7 Access Control

Lecture 7 Access Control
Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access memory.

Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access memory.

Similar presentations

Ads by Google