wiki:FeddGettingStarted

Version 4 (modified by faber, 13 years ago) (diff)

--

Federating With DETER

This discusses how to connect a DETER or Emulab-based testbed to DETERLab using fedd, ABAC and their tools.

Introduction

This page takes a user through the process of adding federation components to an existing DETER and assigning user credentials that will allow users to access that DETER through the fedd interfaces, and then to use those same interfaces to access federated resources. We will also talk about how to allow federated users to use the local resources.

This document will discuss the relevant fedd components, what they do, and what they need in order to do those jobs. We also discuss the tools an experimenter uses to create and monitor federated experiments. Then we briefly discuss how to get the ABAC credentials necessary to access the federated environment.

Fedd really is two entities, an Access Controler that mediates access to federated resources and provides standard interfaces for allocating them, and an Experiment Controller that acts as a credential store and coordinates requests across multiple access controllers. The discussion of the Deter Federation Architecture has more to say about these entities, but this is enough to get started. DETERLab runs an experiment controller that can be reached at https://users.isi.deterlab.net:23235 and new federation users can use that experiment controller, but when setting up and administering a federated testbed it can be very helpful to install and configure an experiment controller locally.

Here is a block diagram of a user making a request for a federated experiment. We will show how to configure the credentials that users and the experiment controller pass to access controllers, how to configure the policies at the access controlers to allow access and map federated users into local users. We will also configure the experiment controller to find the access controlers and the access controllers to allocate resources (start DETER experiments) on behalf of local users.

Federation Block Diagram

Both the policy and credentials are ABAC credentials, but we provide tools to configure these for the common cases. Specifically we explain how to get a new testbed endorsed as a federation partner and how to allow federated partners access to local resources. Tools for finer-grained access control are in development, though ambitious users can use the raw ABAC tools to specify policy.

Road Map

The rest of this document explains how to do the following:

  • Install the federation software
  • Configure an experiment controller that translates local DETER projects and user identities into ABAC
  • Configure an access controller to map those ABAC credentials back into local users and to allocate resources on their behalf
  • How to get credentials endorsed from DETERLab to gain access to federated resources and use them.

Installation

Attachments (5)

Download all attachments as: .zip