Changes between Version 1 and Version 2 of IMF-GEC13-QSR


Ignore:
Timestamp:
03/29/12 16:35:50 (7 years ago)
Author:
Rudra Dutta
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • IMF-GEC13-QSR

    v1 v2  
    4949== Activities and Findings ==
    5050
    51 [[Image(imf-gec13.png, 90%)]] [[BR]]
     51[[Image(imf-gec13.png)]] [[BR]]
    5252
    53 The figure above shows the context of each of the modules we describe briefly below.
     53The figure above shows the context of each of the modules we describe briefly below.  More detailed documentation, code, and installation instructions are in the "Code Release" section below on this wiki.
    5454
     55=== IMF Extended Openfire XMPP Server (IMF Messaging Service) ===
     56
     57Th IMF Messaging Service is expected to run in some management server, typically outside slices.  In the GEC13 demo, this ran on a  management server on the BEN facility at RENCI.
     58
     59It holds a certificate for at least one GENI Certifying Authority.  That is, it "recognizes" the authority of (is prepared to accept certificates issued by) this GENI CA.  It may hold certificates for multiple GENI CAs.
     60
     61When a client attempt to initiate a secure connection to it, the IMF Messaging Service expects that client to produce a certificate which is signed by the GENI CA.  If not, the connection is refused.  We call this ''entity authentication''.
     62
     63Having successfully connected to the IMF Messaging Service, a client would attempt to either publish to a topic (node), or subscribe to it.  The IMF Messaging Server expects credentials to find previously stored credentials for the authenticated entity corresponding to each such action ("can-publish" and "can-subscibe" credentials).  Otherwise these actions are refused.  Credentials can be stored by the creator of the topic.  We call this credential verification ''authorization''.
     64
     65Both certificates and credentials can be created by the '''gcf''' tool, which has been extended for the purpose.
     66
     67In order to make this work, the JIDs of clients have to match the arbitrary generated credentials.  Thus in this view, the JIDs of the clients are not meant to have significance to humans, whereas the topic names are.
     68
     69=== "Empty" Sample Client to IMF Messaging Service ===
     70
     71A simple XMPP client which behave according to the expectations of the IMF Messaging Service as above.  This can be used as sample code for building messaging clients with the authentication and authorization capabilities.  In the GEC13 demo, this ran off a standalone laptop at the demo site.
     72
     73To access the IMF Messaging Service, the client must have access to a public IP interface of the server running the IMF Messaging Service.  Alternatively, if the server is in a VPN, it needs access to that VPN; etc.  In our GEC13 demo, the server was in a VPN to which the laptop had been given access.
     74
     75=== OMF EC and RC using IMF Messaging Service ===
     76
     77In the OMF system, the Experiment Controller (EC) and Resource Controller (RC) communicate to each other through an XMPP server.  The XMPP topics are bootstrapped by the OMF Aggregate Manager (AM).  The EC locates the XMPP server by prior secure HTTP interaction with the AM.  In the GENI context, the OMF EC and RC can be expected to run in VMs within slices.
     78
     79We created modules similar to the OMF EC and RC, that communicate through the IMF Messaging System, and using authentication and authorization as above.  The topic bootstrapping is currently manual.  Our implementation conforms with OMF 5.4; OMF is currently moving to 6.0 which should eliminate the secure HTTP step, and we will reexamine our implementation in light of that change when available.
     80
     81In the GEC13 demo, these ran in an ORCA slice created with Flukes; on distinct VMs of the same slice, which had VPN access to the IMF Messaging Service server.
     82
     83=== Repository Service using IMF Messaging Service ===
     84
     85A client built on the sample client, which subscribes to some particular topic, then locally archives every message that is published on that topic.  In the GEC13 demo, it ran on a standalone laptop at the demo site, which had VPN access to the IMF Messaging Service server.
     86
     87The repository server attempts to be accommodating of messages to be archived.  If the XML message contains a particular preamble, the Repository Service attempts to parse the XML to find out what table to store the message into, and divide the message into column values.  If this preamble is missing, the Repository Service simply stores the entire message as one field in a default table, indexed only by timestamp and sender.
     88
     89=== IMF Optical Measurement Handler using IMF Messaging Service ===
     90
     91This is the IMF Measurement Handler (with PubSub Manager) with appropriate physical optical substrate interface modules to extract measurement data from various optical substrates, such as Polatis switches and Infinera DTNs, that we successfully demonstrated at GEC8 and following.  It has been updated to use the IMF Messaging Service, rather than an inbuilt XMPP server, and use authentication and authorization.  This must run on a machine that has access to the management interfaces of the optical hardware - typically this would imply physical proximity, and RS232 connection or similar.  In the GEC13 demo, this ran on a dedicated server on BEN at RENCI.
     92
     93This code module also makes the "SimpleIMFSubscriber" target, which can consume and display the optical port power and other readings being generated and published by the Measurement Handler/PSM, updated to use the IMF Messaging Service.
    5594
    5695== Project Participants ==
     
    83122
    84123
    85 === IMF Extended Openfire XMPP Server ===
     124=== IMF Extended Openfire XMPP Server (IMF Messaging Service) ===
    86125
    87  * [attachment:ezclient.pl Download zip file]
    88  * [attachment:perfsonar_imf_gui_v2.1.jar perfSONAR standalone GUI client for IMF measurements]
    89  * [attachment:mh.tar.gz Measurement Handler]
    90  * [attachment:PubSub_for_PerfSONAR.tar.gz PubSub for perfSONAR]
    91  * [attachment:perfsonar_imf_realtime.tar.gz perfSONAR IMF Realtime service]
     126 * [attachment:some_name.zip Download zip file]
     127 * [attachment:some_other_name.docx Detailed documentation]
     128
     129=== "Empty" Sample Client to IMF Messaging Service ===
     130
     131 * [attachment:some_name.zip Download zip file]
     132 * [attachment:some_other_name.docx Detailed documentation]
     133
     134=== OMF EC and RC using IMF Messaging Service ===
     135
     136 * [attachment:some_name.zip Download zip file]
     137 * [attachment:some_other_name.docx Detailed documentation]
     138
     139=== Repository Service using IMF Messaging Service ===
     140
     141 * [attachment:some_name.zip Download zip file]
     142 * [attachment:some_other_name.docx Detailed documentation]
     143
     144=== IMF Optical Measurement Handler using IMF Messaging Service ===
     145
     146 * [attachment:some_name.zip Download zip file]
     147 * [attachment:some_other_name.docx Detailed documentation]
     148
     149
    92150
    93151The pS clients are configured to try to access data from the IMF Measurement Handlers running on the BEN testbed, to retrieve port power and BER measurements made on Polatis and Infinera switches.  To successfully run this, you need VPN access to the management plane network of BEN.  Get in touch with the IMF team to obtain this access, if you need it.