auth.html 4.61 KB
Newer Older
Leigh Stoller's avatar
Leigh Stoller committed
1 2
<!--
   EMULAB-COPYRIGHT
3
   Copyright (c) 2000-2003 University of Utah and the Flux Group.
Leigh Stoller's avatar
Leigh Stoller committed
4 5
   All rights reserved.
  -->
6
<center>
7
<h2>
8 9 10
    Overview of the Authorization Scheme, Policy, <br> and "How To Get Started"
</h1>
</center>
Jay Lepreau's avatar
Jay Lepreau committed
11

12
<p>
13 14 15 16
We use a hierarchical structure: we authorize a project under a
principal investigator (e.g. a faculty member) and delegate authority
to that person to authorize the project's members-- and accountability
for their behavior.
Jay Lepreau's avatar
Jay Lepreau committed
17

18 19
<h3>Who can start a project?</h3>
<p>
20
In general, a faculty member or well-known senior staff member must
21 22 23 24 25 26
start each project. Students cannot lead projects unless they
have had prior approval by the 
<a href="mailto:testbed-approval@flux.cs.utah.edu">
Emulab Approval Committee</a>. See the next section for the 
reasoning behind this rule.

Jay Lepreau's avatar
Jay Lepreau committed
27
<h3>How do I get started?</h3>
28
<p>
Jay Lepreau's avatar
Jay Lepreau committed
29 30 31 32 33 34 35 36 37 38
Briefly, you use the links at your left to create and join
<em>projects</em>.  Typically, someone who will be the <em>project
leader</em> requests permission from Testbed Ops/Admin, via the web
interface, to <em>create</em> a project.  In academic parlance, a
project leader is a "principal investigator."  That person is expected
to be someone who is responsible, whose position is more or less
verifiable by us, and is therefore accountable.  Specifically, the
project leader is held responsible for the actions of members of
his/her project.

39
<p>
Jay Lepreau's avatar
Jay Lepreau committed
40 41 42 43 44 45 46 47 48 49 50
For example, if you are a grad student who "owns" a project and no
faculty member is really involved, normally you should still get your
advisor or other professor to be the project leader.  Exceptions could
include your being a senior student well-known in the research
community.  If you are not a student, but a senior/core member of an
open source project, either you or someone more official in
the project should be leader, as appropriate.
If you are in a research lab and are not brand new there, you would
probably be the project leader.

<p>
51 52
Typically, after an hour to a day later, or up to week (rarely),
you will receive email from the testbed admin folks,
53 54 55
either approving or denying your project.  You will then be able to
really use the testbed: you will be able to perform various functions
through the Web interface and through a Unix login account.
56

57
<p>
Jay Lepreau's avatar
Jay Lepreau committed
58 59 60 61
People working on the project
(students, staff, etc.) will request permission from the project
leader, also via the web interface, to <em>join</em> the project.
These requests can precede project approval; they will be queued.
62 63 64
Once project members have been authorized by the leader, they can use
the Web interface and their Unix login to start and run experiments,
reserve and configure nodes, etc.
Jay Lepreau's avatar
Jay Lepreau committed
65 66

<p>
67
More detailed information on this
68 69
process can be found in the
<a href="docwrapper.php3?docname=faq.html">Emulab FAQ</a>.
Jay Lepreau's avatar
Jay Lepreau committed
70 71 72 73

<h3>Another way of saying the same thing</h3>

<p>
74 75
If you didn't understand that, then how about this. Use this set of
Web pages:
Jay Lepreau's avatar
Jay Lepreau committed
76 77 78 79

<ul>
<li> to gain authorization to use the testbed, either as
	<ul>
80 81
	<li> a project leader ("principal investigator") who is
	 starting a new project ("start project"), or
Jay Lepreau's avatar
Jay Lepreau committed
82 83 84 85 86 87
	<li> as a worker bee in a particular project ("join project");
	</ul>
<li> as a project leader, to approve or deny pending project members;
<li> to authenticate ("login") to the Web-based testbed services.
</ul>

88
<p>
Jay Lepreau's avatar
Jay Lepreau committed
89 90 91 92 93 94
When your project or membership request is approved or denied you will
receive email.

<h3>Seems awfully complicated</h3>

<p>
Jay Lepreau's avatar
Jay Lepreau committed
95
Experience shows that it's far easier in practice than it sounds.
Jay Lepreau's avatar
Jay Lepreau committed
96

97
<p>
Jay Lepreau's avatar
Jay Lepreau committed
98 99 100 101 102
We need accountability.  However, we want to avoid slowing things
down by checking every user-- thus we delegate that authority
to the PI's.  Since the PI (project leader) has so much authority,
we need more info from them, such as their postal address.

103
<p>
Jay Lepreau's avatar
Jay Lepreau committed
104
If you think this sounds bad, try getting access to a telescope
Jay Lepreau's avatar
Jay Lepreau committed
105 106
or supercomputer.

107
<p>
Jay Lepreau's avatar
Jay Lepreau committed
108
We are certainly open to suggestions, however.
Jay Lepreau's avatar
Jay Lepreau committed
109

110
<h3>I've been approved.  How do I use my account?</h3>
Jay Lepreau's avatar
Jay Lepreau committed
111 112 113 114 115 116 117 118 119 120
<p>
The first step would be to come back here and log in to the Web
interface.  That will update the list of options in the side bar.
	You might be authorized to start projects or experiments, or
	maybe just to use the nodes in an experiment. Either way, your
	options will show up in the side bar.
Those will normally include starting a new "experiment" which leads to
reserving a set of nodes, which leads to automatic creation of Unix
accounts on those nodes for all members in your project. You will be
able to use ssh to log into those machines.
121

Jay Lepreau's avatar
Jay Lepreau committed
122
<p>
123 124
You will also receive an account on the users' master host
"users.emulab.net", and from there will be able to access the test
125
nodes' serial line consoles via 'console' as well as access console log
Jay Lepreau's avatar
Jay Lepreau committed
126
files.