| 1 | | [[PageOutline]] |
| 2 | | |
| 3 | | = GENI Desktop Project Status Report = |
| 4 | | |
| 5 | | Period: Solicitation 4 Year 2 |
| 6 | | |
| 7 | | == I. Major accomplishments == |
| 8 | | |
| 9 | | The following highlights our accomplishments during the last year. |
| 10 | | |
| 11 | | === A. Milestones achieved === |
| 12 | | |
| 13 | | * Modified the GENI Desktop to support "Speaks-for" authentication being developed/supported by the control frameworks and other GENI tools/services. |
| 14 | | |
| 15 | | * Incorporated user-driven feedback into the GENI Desktop to support new user-requested services and features. |
| 16 | | |
| 17 | | * Developed new training materials that incorporate the changes made to the GENI Desktop. |
| 18 | | |
| 19 | | * Integrated and leveraged existing tools and services (e.g., Jacks) into the GENI Desktop for managing topologies, experiments, and results. |
| 20 | | |
| 21 | | * Collected user feedback regarding usability of the GENI Desktop and made major changes to improve its ease-of-use and aesthetics. |
| 22 | | |
| 23 | | * Adapted the GENI Desktop archiving service for storing and retrieving experiment results and artifacts from iRoDs to support a new archival service with enhanced features. |
| 24 | | |
| 25 | | * Enhanced the set of scriptable resource management, instrumentation, and monitoring available to experimenters and other tools. |
| 26 | | |
| 27 | | * Enabled integration of the GENI Desktop with other experimenter tools. |
| 28 | | |
| 29 | | * Created documentation and tutorial materials to reflect this latest version of the GENI Desktop. |
| 30 | | |
| 31 | | === B. Deliverables made === |
| 32 | | |
| 33 | | * We enhanced the GENI Desktop to use "Speaks-for" credentials for accessing resources from other GENI components on behalf of users. |
| 34 | | |
| 35 | | * We implemented an initial version of the slice verification and configuration testing service. |
| 36 | | |
| 37 | | * We developed code for super slice support in the GENI Desktop. |
| 38 | | |
| 39 | | * We developed a completely new user interface for the GENI Desktop which we call "GENI Desktop Lite" that greatly improves the look-and-feel and ease-of-use of the GENI Desktop. |
| 40 | | |
| 41 | | * We integrated the Jacks tool into the GENI Desktop, enabling users to create topologies and instantiate experiments (i.e., slices) using the Jacks tool. We also integrated the Adopt-A-GENI (AAG) tool into the GENI desktop. |
| 42 | | |
| 43 | | * We developed and integrated a new archival service into the GENI Desktop that leverages VMs to hold, and later display, the archived experiment state in the same context as it was initially collected and viewed. |
| 44 | | |
| 45 | | * We designed and implemented a GENI Desktop Command Line Interface (gdcli) that enables users to write scripts that control, manage, and measure the performance of their slices through the GENI Desktop. |
| 46 | | |
| 47 | | * We demonstrated how the new gdcli can be used by other experimenter tools to integrate with the GENI Desktop. |
| 48 | | |
| 49 | | * We developed online documentation for the new gdcli interface and gave a tutorial entitled "Monitoring and Controlling Experiments with GENI Desktop Scripts and Modules" at the GEC 23 conference. |
| 50 | | |
| 51 | | == II. Description of work performed during the last year == |
| 52 | | |
| 53 | | The following provides a description of the progress made during the last year. |
| 54 | | |
| 55 | | === A. Activities and findings === |
| 56 | | |
| 57 | | Our activities this past year have resulted in enhanced functionality, |
| 58 | | improved ease-of-use, better authentication/security, a redesigned user |
| 59 | | interface, and the ability to control the GENI Desktop programmatically |
| 60 | | throught scripts. In particular, we: |
| 61 | | |
| 62 | | * Incorporated support for "Speaks-for" into the GENI Desktop |
| 63 | | |
| 64 | | * Designed and implemented a slice verification service |
| 65 | | |
| 66 | | * Designed and implemented a super slice abstraction |
| 67 | | |
| 68 | | * Developed a new archival services based on Xen VMs to restore entire contexts |
| 69 | | |
| 70 | | * Redesigned the look-and-feel of the GENI Desktop user interface to make it much easier to use |
| 71 | | |
| 72 | | * Integrated Jacks and Adopt-A-GENI (AAG) tools into the GENI Desktop |
| 73 | | |
| 74 | | * Designed and implemented a GENI Desktop Command Line Interface (gdcli) to enable script-based access to GENI Desktop functionality. |
| 75 | | |
| 76 | | The following briefly describes our activities this past year. We beginning with our efforts to |
| 77 | | improve the authentication/authorization used to access the GENI Desktop, and |
| 78 | | then move on to describe new functionality added to the GENI Desktop, |
| 79 | | followed by a description of our efforts to enhance the look-and-feel of the |
| 80 | | GENI Desktop, and |
| 81 | | lastly our efforts to allow scripting of the GENI Desktop. |
| 82 | | |
| 83 | | |
| 84 | | ==== Authorization: Supporting "Speaks-for" ==== |
| 85 | | |
| 86 | | The "Speaks-for" credential allows trusted tools to act for, instead of |
| 87 | | acting as, an experimenter to perform certain actions, such as requesting |
| 88 | | resources from aggregates, accessing allocated resources, and installing |
| 89 | | software on experimental nodes. We enhanced the GENI Desktop to use "Speaks-for" |
| 90 | | credentials for accessing resources on behalf of users. Users no longer |
| 91 | | need to provide the private key to the GENI Desktop. We implemented an interface |
| 92 | | for the user to authorize the GENI Desktop to speak for her/him. A GENI |
| 93 | | Desktop-specific certificate is signed using the private key of the user. |
| 94 | | Because the whole process happens within the browser on the client side, |
| 95 | | the private key never leaves the user's machine. The "Speaks-for" credential |
| 96 | | allows the GENI Desktop to talk to aggregates and perform all necessary |
| 97 | | actions on behalf of the user. |
| 98 | | |
| 99 | | ==== New Functionality (1): Jacks, Archival, Verification and Super Slice Services ==== |
| 100 | | |
| 101 | | Another goal this past year has been to begin integrating support for other tools |
| 102 | | into the GENI Desktop. To demonstrate the ability to support other tools, we |
| 103 | | began by integrating the Jacks tool into the GENI Desktop. Users can now add |
| 104 | | resources to their slices by selecting Jacks in the GENI Desktop which will |
| 105 | | direct them to a GENI Desktop page that embeds the Jacks tool and allows them |
| 106 | | to allocate the resources (i.e., which uses the OMNI tool). RSPECs |
| 107 | | created by Jacks can be saved by the GENI Desktop for future use. |
| 108 | | |
| 109 | | In addition, we integrated the Adopt-A-GENI (AAG) flow specification module into |
| 110 | | the GENI Desktop, allowing users to visually define OpenFlow paths across the |
| 111 | | topology that are then sent to the AAG module to be instantiated in the |
| 112 | | OpenFlow controller. Although the AAG functionality is logically a distinct |
| 113 | | service/tool, the messaging system between windows in the GENI Desktop made |
| 114 | | it possible to incorporate this new tool with relatively little effort. In |
| 115 | | addition, we were able to add a new AAG Controller node type to the Jacks |
| 116 | | wrapper, thereby integrating the AAG controller into the Jacks tool as well. |
| 117 | | |
| 118 | | The existing archival service in the GENI Desktop leveraged the iRoDs storage |
| 119 | | service to store and later retrieve measurement data collected by the GENI |
| 120 | | Desktop. A key limitation of this service was the inability to easily (and |
| 121 | | quickly) access, view, and make sense of archived measurement data. To |
| 122 | | address this need, we developed a new archival service that not only archives |
| 123 | | the measurement data, but also archives the software and context used to |
| 124 | | display the data. Because the data and the environment needed to view the |
| 125 | | data are archived, users can quickly access an archive and view the saved |
| 126 | | data using the same tools available at the time the data was collected. |
| 127 | | |
| 128 | | To support this new archival service, we implemented an archival server that |
| 129 | | not only captures the measurement data stored on the global node (where |
| 130 | | measurement data is collected), but it also captures the state of the drupal |
| 131 | | system used to display the data, including all web server (apache) and |
| 132 | | database (mysql) files. GENI Desktop users can request that an archive be |
| 133 | | made, which is then sent to the archive server. When a user visits the |
| 134 | | archive web page on the archive server, they can select from any of the |
| 135 | | archived snapshots. The archive server will dynamically launch a Xen VM, |
| 136 | | setup the apache, mysql, and Drupal state needed to view the measurement |
| 137 | | data, install the archived measurement data, create login credentials for the |
| 138 | | user, and share the credentials with the GD so the user is automatically logged |
| 139 | | into the archive VM. The result is that the user is presented with the same |
| 140 | | look-and-feel as if they had gone to the global node at the time the snapshot was taken. |
| 141 | | |
| 142 | | We implemented the slice verification and configuration testing service |
| 143 | | as a module in GENI Desktop by taking advantage of the module builder function |
| 144 | | of the GENI Desktop. Based on the manifest of an experiment, the verification |
| 145 | | service analyzes the topology and performs tests about the interfaces of all |
| 146 | | nodes in the experiment. The initial version we implemented checks whether |
| 147 | | each interface is up and whether it is reachable from a ping test. |
| 148 | | The results are presented in a table showing the status of all the interfaces of |
| 149 | | all the nodes in the experiment. |
| 150 | | Later versions of the verification service included |
| 151 | | additional checks (particularly automated bandwidth checks) and also made it |
| 152 | | possible for users to write their own verification scripts to test for things |
| 153 | | of importance to their experiment. |
| 154 | | |
| 155 | | Building a large experiment is a difficult task in GENI, partly because |
| 156 | | it is more likely to fail if we create an experiment with a lot of nodes. |
| 157 | | At the same time, we may have multiple related experiments and want to |
| 158 | | combine these relatively small experiments together to form a large experiment. |
| 159 | | We developed a new "super slice" service in the GENI Desktop to support this functionality. |
| 160 | | Users can use the GENI Desktop to create a super slice by combining multiple |
| 161 | | existing slices together. The GENI Desktop provides a GUI for users to display |
| 162 | | multiple slices at the same time and pick any pair of nodes from different |
| 163 | | slices to establish a link between them. The Super Slice service in the GENI |
| 164 | | Desktop currently can then automatically set up GRE tunnels between these selected pairs of nodes |
| 165 | | from different slices. |
| 166 | | |
| 167 | | ==== A New User Interface: GENI Desktop Lite ==== |
| 168 | | |
| 169 | | Over the years the number of features and capabilities offered by the GENI |
| 170 | | Desktop has continued to expand. Indeed, a key goal of the GENI Desktop was |
| 171 | | to provide users with a context for managing all aspects of their experiment |
| 172 | | from setup and deployment to monitoring and archiving of measurements and |
| 173 | | results. The downside to this expanded functionality is increased complexity |
| 174 | | using the tool. |
| 175 | | At the same time, the number of experimenters who are using the GENI Desktop to |
| 176 | | create, manage, monitor, and control their slices has been grown rapidly, |
| 177 | | due, in part, to users being exposed to the GENI Desktop as part |
| 178 | | of GENI tutorials, summer camps, demontrations and online documents and |
| 179 | | videos. Feedback from this user group indicated that the extensive |
| 180 | | functionality available in GENI Desktop made it difficult for new users to |
| 181 | | navigate and use. |
| 182 | | |
| 183 | | To address this need for a tool that could be easily learned and used by new |
| 184 | | users, we completely redesigned the look-and-feel of the GENI Desktop to |
| 185 | | reduce complexity and make it simple to create, run, and monitor |
| 186 | | experiments. Our new "GENI Desktop (GD) Lite" interface is now the default |
| 187 | | intereface that users see when they log into the GENI Desktop. |
| 188 | | Users can still access the (original) advanced user interface if needed, but in most |
| 189 | | cases find that the GD Lite interface is sufficient. |
| 190 | | The Lite intereface is designed to take users through the lifecycle of an |
| 191 | | experiment. The Lite intereface starts by helping users create a slice, |
| 192 | | assigning resources to the slice, and then giving them access to a simplified |
| 193 | | version of the GENI Desktop topology view where they can log in to nodes, run |
| 194 | | their experiment, monitor basic traffic types, and archive results. Initial |
| 195 | | feedback on the new intereface has been extremely positive. |
| 196 | | |
| 197 | | In addition to a major rewrite of the web code for the user interface, one of the key |
| 198 | | challenges that we had to address was automating the global node setup, initialization, |
| 199 | | and instrumentation. While these "backend" operations were clearly visible |
| 200 | | in the old user interface, they had to be hidden in the new interface. This |
| 201 | | meant that the GENI Desktop had to be able to add global nodes into the slice |
| 202 | | (one for each aggregate) on the user's behalf. This required working with |
| 203 | | the aggregates to support the GENI AM API calls needed to add resources to an |
| 204 | | existing slice. In addition, the GENI Desktop needed to be able to initialize and then |
| 205 | | instrumentize the slice in the background (i.e., while allowing the user to |
| 206 | | view and use the slice in the GENI Desktop). This required changes to the |
| 207 | | GENI Desktop to monitor the background initialization/instrumentation |
| 208 | | process and incrementally enable functionality as it became available. For |
| 209 | | example, while resources are being allocated the GENI Desktop can only display |
| 210 | | the topology and the status of the node initialization. As soon as the |
| 211 | | initilization completes, the file upload, ssh, and run command functionality become available in the user |
| 212 | | interface. Later when the instrumentation completes, functionality such as |
| 213 | | displaying basic traffic graphs or archiving measurement data become |
| 214 | | available in the user interface. In short, users are now taken directly to the |
| 215 | | GENI Desktop topology view, bypassing several setup steps required by the old |
| 216 | | user interface. Commonly needed functionality is then automatically added as |
| 217 | | it becomes available. As part of the new Lite interface, we also simplified |
| 218 | | the design of the web page(s) used to select a predefined RSPEC. |
| 219 | | |
| 220 | | ==== Programming the Desktop: The GENI Desktop CLI (gdcli) ==== |
| 221 | | |
| 222 | | The GENI Desktop greatly simplifies the task of instrumenting and monitoring |
| 223 | | a users' experiment (slice). However, users could only access the GENI |
| 224 | | Desktop via a web interface. In other words, there was not programmatic way |
| 225 | | for experimenters or tool developers to leverage the GENI Desktop |
| 226 | | functionality. |
| 227 | | |
| 228 | | To address this need we designed a new interface to the GENI Desktop that |
| 229 | | could be used to programatically upload files, run commands, download |
| 230 | | measurement graphs, etc --- functions previously only possible via the GENI |
| 231 | | Desktop web interface. In particular, we developed an application that runs |
| 232 | | on Linux (or other Unix-based systems), Mac, and Window called the gdcli |
| 233 | | program that can be used to interact with the GENI Desktop. The gdcli |
| 234 | | program can be used to: |
| 235 | | |
| 236 | | * Upload files to a select set of nodes |
| 237 | | * Run a command on a select set of nodes |
| 238 | | * Download a traffic measurement graph (as PNG or CSV) from a select set of nodes |
| 239 | | * Download a normal file from a select set of nodes |
| 240 | | * Get a list of slices |
| 241 | | * Check the status of a slice |
| 242 | | * Get the topology of a slice |
| 243 | | * Validate the setup of a slice |
| 244 | | * List the nodes in a slice |
| 245 | | * List the links in a slice |
| 246 | | |
| 247 | | The gdcli program can be called from any scripting language (e.g., |
| 248 | | python, perl, sh (bash), .BAT files, etc). As a result, users are able to |
| 249 | | write programs in their favorite scripting language that make calls to the |
| 250 | | GENI Desktop to upload/download files, download measurement graphs, run |
| 251 | | commands, etc. |
| 252 | | |
| 253 | | There were several challenges that we had to address |
| 254 | | while implementing the gdcli scripting interface. |
| 255 | | First, we needed a way to make calls to the GENI Desktop server (e.g., to |
| 256 | | download a traffic graph, or run a command). To solve this problem we |
| 257 | | enhanced the GENI Desktop server to support HTTP posts that included |
| 258 | | parameters to the request specifying, for example, the list of traffic graphs to be |
| 259 | | downloaded (i.e., the nodes/links names and the types of graphs desired). |
| 260 | | We implemented a python backend server specifically designed to process the |
| 261 | | request, perform the action, and return the results. |
| 262 | | The python backend shares access |
| 263 | | with the previous GENI Desktop PHP code to the databases and files used by the |
| 264 | | GENI Desktop, thereby ensuring that the results returned by the gdcli are the |
| 265 | | same information as would be seen in the GENI Desktop web interface. |
| 266 | | |
| 267 | | A second challenge was securing the access to, and communication with, the |
| 268 | | new python backend server. To ensure communication is secure, all communication |
| 269 | | occurs over a secure connection using https. The problem of authorization |
| 270 | | requires not only that the user authenticate themselves to the server, but |
| 271 | | that the server obtain a "speaks-for" certificate to act on behalf of the |
| 272 | | user. Because the existing speaks-for generation tools are designed for |
| 273 | | interactive web use, not scripting, we decided to require that users first |
| 274 | | authorize a speaks-for using the existing GENI Desktop web interface which |
| 275 | | can then be stored and used by the GENI Desktop (and our new backend server) |
| 276 | | until the speaks-for expires. However, this does not solve the authorization |
| 277 | | problem. To ensure the users has the right to issue commands to our python |
| 278 | | backend server, the web interface of the GENI Desktop also creates a secret |
| 279 | | key (say at the same time the user authorizes the speaks for) that the user |
| 280 | | must store on their local machine. The secret key is used when communicating |
| 281 | | with the python backend server to prove that the user has the right to invoke |
| 282 | | the requested operations on the GENI Desktop. In that sense, users can think |
| 283 | | of the gdcli secret key like an ssh key that must be present on their local |
| 284 | | machine in order to access the service. |
| 285 | | |
| 286 | | A third issue involved handling the results/output of a gdcli request. The |
| 287 | | gdcli tool provide two mechanisms for handling the output from a request. |
| 288 | | The first, and most simple mechanism, concatenates all the output files/graphs and prints |
| 289 | | them to standard output, allowing users to redirect output to other programs |
| 290 | | or tools. The second way gdcli handles output is to deposit each graph, |
| 291 | | downloaded file, or output from a run command into a different file on the |
| 292 | | local machine. Files are automatically assigned names that describe their |
| 293 | | content (based on the slice, the aggregate, the node or link, and the type |
| 294 | | of graph). Because the naming convention is known to experimenters, they can |
| 295 | | easily write scripts that know what filenames to look for, and then feed |
| 296 | | those files to the appropriate program for processing (e.g., copying traffic |
| 297 | | graphs into a web directory to create a user-defined traffic mashup view). |
| 298 | | |
| 299 | | === B. Project participants === |
| 300 | | |
| 301 | | The following individuals are involved with the project in one way or another: |
| 302 | | * Jim Griffioen - Project PI |
| 303 | | * Zongming Fei - Project Co-PI |
| 304 | | * Hussamuddin Nasir - Technician/Programmer |
| 305 | | * Charles Carpenter - Technician/Programmer |
| 306 | | * Xiongqi Wu - Ph.D. Student |
| 307 | | * Jeremy Reed - Ph.D. Student |
| 308 | | |
| 309 | | === C. Publications (individual and organizational) === |
| 310 | | |
| 311 | | === D. Outreach activities === |
| 312 | | |
| 313 | | * We gave a presentation about the GENI Desktop and its features during the Introduction to GENI Instrumentation & Measurement Tools portion of the Getting Started with GENI tutorial at GEC 22 and GEC 23. |
| 314 | | |
| 315 | | * We gave a demo of the latest GENI Desktop features during the demo session at GEC 21, GEC 22, and GEC 23. |
| 316 | | |
| 317 | | * We gave a tutorial entitled "Monitoring and Controlling Experiments with GENI Desktop Scripts and Modules" at the GEC 23 conference. |
| 318 | | |
| 319 | | * We developed and posted online-documentation and online-tutorials that describe the new features of the GENI Desktop for users. |
| 320 | | |
| 321 | | === E. Collaborations === |
| 322 | | |
| 323 | | * Most of our collaborations have been between the GPO Portal team and the aggregate teams at Utah and RENCI. |
| 324 | | |
| 325 | | === F. Other Contributions === |
| 326 | | |
