The Desktop Access Controller (plugin)

The desktop controller allows experimenters to create experiments that incorporate standalone computers running FreeBSD or Linux. These computers act as though they are a direct part of the experiment. The traffic from the desktop computer is tunnelled via SSH to and from the DETER experiment at layer 2. Unlike federated testbeds, the desktop plugin currently does not import or export filesystem service or DETER accounts. The desktop owner continues to manage most of the computer.

The SSH tunnel can use a dedicated link or be multiplexed with other traffic on on a given network interface. The traffic is routed using the internet routing established by the user.

This page will explain how to configure and use the desktop controller.

Download

Follow the directions for downloading and installing fedd. Download and install from the git repository as the desktop controller is new functionality.

Configuration

Once the fedd is downloaded, the desktop plugin will need to be configured and started. Generally people running a desktop controller will not need to run an experiment controller as well. Most experimenters will use DETER's experiment controller (at ​https://users.isi.deterlab.net:23235 )

While it is worth reading the general configuration instructions, only a subset of them are directly applicable to the desktop controller.

Permissions On The Desktop

The desktop controller will need to run some commands as root in order to connect the desktop to DETER. Specifically, it will need to run ssh as root, create tap interfaces (through ssh), configure network routing, and append to the /etc/hosts file. You can either do this by running the controller as root, or by giving the user that runs the controller the right to run commands through sudo.

Unless you are willing to type the password into a window in which the controller is running, it should be able to sudo without using a password. The two commands that the controller runs are shell scripts called connect and disconnect. The user configuring the desktop controller controls the rest of the pathname of those scripts. You can configure sudo to allow those scripts to be run without a password. See the sudo manual for details.

The controller will also create tap interfaces, and the kernel code to do this must be loaded. On linux this is done by:

# modprobe tun

and on FreeBSD

# kldload if_tap

Be sure to run these commands as root before attempting to create experiments using the desktop plugin.

Configuring the Desktop Controller

Create a directory for the data and configuration of the desktop controller. It does not need to be on a very large file system - a few megs at *most* - but should not be in a temporary directory. DETER uses /usr/local/etc/fedd for this. In the configuration directory, create a file similar to this one​: