ABone Architecture and Operation
ABCd — ABone Control Daemon
• Server for remote EE management
• On-demand EE initiation and termination
• Automatic EE restart (permanent EEs)
• Java and C debugging support
• Node management support
• File upload/download
• Script execution (management “EE-lets”)
• Self-management capabilities
• Event logging and status reporting
• Reconfiguration and restart
• Supports the ABone security model
• Runs as an ordinary, unprivileged user

Netiod — Network I/O Daemon
• Packet I/O service for EEs and AAs
• Implements Node OS channel abstraction
• Uniform I/O interface across node OSs
• Supplements OS kernel filtering capabilities
• Normally runs as a root-privileged service
• Can run in user space

ABone Registry
• Central database maintained by ABOCC
• User contact data and public authentication keys
• Core node information
• Trusted code server data
• Access control (ACL/TCL) data
• Features
• User self-service for contact data, keys, and nodes
• Administrative functions for ABOCC
• Secure Web interface
• ABone support functions
• Automated ACL/TCL generation and distribution
• Node and contact lists to support monitoring tools
Usability Features
ABCd Client GUI
• Guided command construction
• Context-sensitive menus
• Intuitive explanations
• No syntax to learn
• Command history and recall
• Uses ABCd client Java API
• Modular library implementation
• Supports custom client development

ABoneShell
• Client/server extensions to ABCd
• Simplifies common tasks
• EE management
• File transfer
• Problem diagnosis
• Client user interface
• Unix shell-like command tool
• Scripting capabilities
• Command history and recall
• Remote server extension
• Special-purpose EE-let
• Transparently invoked

ABoneMonitor
• Web-based node and EE monitor
• Real-time ABone status reporting
• Graphical summary views
• Permanent EE topologies
• Whole ABone
• Table-based detailed views
• Node liveness
• ABCd status
• EE and AA status
High-Level Design
Composed of Two Node Types
• Core nodes
• Centrally administered community resource
• Required to be continually available
• Support multiple EE topologies in permanent configurations
• Edge nodes
• Private nodes controlled by individual developers
• Not registered as part of the testbed
• Dynamically join and leave permanent EE topologies

Based on the Active Networks Reference Architecture
• Active Applications (AAs): Java and C (EE-dependent)
• Execution Environments (EEs): Java and C
• Node Operating System (Node OS): Unix/POSIX-based
Reference Architecture for Active Nodes, Developed by the Active Networks Community
• Active Applications (AAs)
• Fundamental unit of network programming
• AA code may migrate from node to node
• Execution Environments (EEs)
• Environment for AA execution
• Stable part of active node software
• Node Operating System (Node OS)
• Environment for EE execution
• Permanent part of active node software
[Figure: active node diagram with the labels Node OS, EE, and AA]
ABone Security Model
• Trusted EEs, untrusted AAs
• All code executed within ordinary Unix user accounts
• EEs may be downloaded only from trusted servers
• EE code trusted not to be malevolent
• AA trust requirements EE-dependent
• Access controls
• ACL files control who may perform what operations
• TCL files control who may use which EE code servers
• File integrity
• Guarded by Unix file permission rules
• Security-critical files strictly separated from EE/AA files
• Node access
• ABOCC trusted to maintain ACL/TCL files
• Node administrators control root access
ABone Node Architecture
[Figure: ABone node architecture diagram. Labels: Authentication & Access Control; Command Processing; Client Communications; EE Downloading and Execution; Unix Operating System; EE; ABCd; Netiod; EE Code Server; ACL/TCL Server; Remote User; Channel Control; Packet Filtering; Control messages; InChannel; OutChannel; Network I/O; AA; AA Code Server]